Categories: Mozilla News

Mozilla Store Vendor Security Breach

Mozilla

August 4, 2009

Today, Mozilla discovered that GatewayCDI, the third party vendor entrusted to run the backend of the Mozilla Store, suffered a security breach. Once notified, we took the immediate preventative step of shutting down the Mozilla Store to ensure that no additional users could be compromised.

Mozilla immediately reached out to GatewayCDI and encouraged them to quickly inform individuals whose data had been compromised. GatewayCDI is currently investigating their systems and determining the cause and extent of the breach. Mozilla Store customers who are affected will be contacted directly by GatewayCDI.

Mozilla is committed to user privacy and the store will only be reinstated once we have a satisfactory assurance of ongoing login security and data privacy.

The International Mozilla Store, although run by a separate partner company, has also temporarily been shut down as a precautionary measure. The Mozilla Community Store is operated on a wholly separate system and was not impacted by the breach.

Love the Web?

Get the Mozilla newsletter and help us keep it open and free.

Your e-mail address

Language

HTML Text

I’m okay with Mozilla handling my info as explained in this Privacy Policy.

We will only send you Mozilla-related information.

Thanks!

If you haven’t previously confirmed a subscription to a Mozilla-related newsletter you may have to do so. Please check your inbox or your spam filter for an e-mail from us.

27 comments on “Mozilla Store Vendor Security Breach”

Ping from Uh-oh: Mozilla Store goes down after security breach | iTech Report on August 4, 2009 at 9:49 pm:

[…] said in a post today that it is only the International store that has been affected, and says the Community Store […]
Ping from Mozilla Store Vendor Security Breach :: The Mozilla Blog on August 4, 2009 at 11:14 pm:

[…] See more here: Mozilla Store Vendor Security Breach :: The Mozilla Blog […]
Ping from Mozilla suspende operações da loja online por brecha de segurança « blog da informação on August 5, 2009 at 9:06 am:

[…] “A Mozilla descobriu uma falha de segurança no serviço da GatewayCDI e tomamos imediatamente uma providência preventiva suspendendo a Mozilla Store para nos certificarmos de que nossos usuários não seriam prejudicados”, alertou a companhia em seu blog. […]
Ping from Mozilla Store Vendor Security Breach :: The Mozilla Blog | Webmaster Tools on August 5, 2009 at 10:40 am:

[…] Excerpt from: Mozilla Store Vendor Security Breach :: The Mozilla Blog […]
Ping from Mozilla Store Breached | WCZone Web Design! | Akron Ohio Website Design - Akron Web Development, Cleveland Web Design, Business Website,Web Programming, Akron, Summit County - Services Cuyahoga Falls Website Design Web Development, Business Website,Web Pr on August 5, 2009 at 10:44 am:

[…] announced that the 3rd party vendor hired to run the Mozilla Store had suffered a security breach. They closed the store immediately and that is how it remains as of noon, Wednesday. GatewayCDI is the vendor named by Mozilla. […]
Ping from OmReem » Mozilla shuts Firefox e-store after security breach on August 5, 2009 at 12:11 pm:

[…] to run the backend of the Mozilla Store, suffered a security breach,” Mozilla said in a warning on its Web site. “Once notified, we took the immediate preventative step of shutting down the […]
Ping from Mozilla suspende operações da loja online por brecha de segurança | GUIA MCSE on August 5, 2009 at 12:15 pm:

[…] “A Mozilla descobriu uma falha de segurança no serviço da GatewayCDI e tomamos imediatamente uma providência preventiva suspendendo a Mozilla Store para nos certificarmos de que nossos usuários não seriam prejudicados”, alertou a companhia em seu blog. […]
GatewayCDI wrote on August 5, 2009 at 12:41 pm:

**Update 5:57 p.m**

Our previous message about the security breach at the Mozilla Store was unclear about what we are doing to protect your private information.

You do not need to take any action to change your username or password on the now deactivated Mozilla Store. We will be deleting all of your Mozilla Store information, including your existing username and password, from our database as a precaution.

You should assume the username and password you used on the Mozilla Store has been compromised and take steps to change that password on any other web services you currently use.

At this time we do not believe any credit card information has been compromised. However, we are conducting a complete security review, and having an independent security firm audit our findings. We anticipate this review will be complete by August 7th, 2009. We will notify you via email once our review is complete.

Again, GatewayCDI apologizes for any inconvenience this may cause. We value our customers and their online security is a top priority to our organization.

Sincerely,

Conrad Franey
Chief Marketing Officer
GatewayCDI

**Original Comment **

Dear Valued Mozilla Customer:

It has been brought to our attention that the Mozilla Store has had a security breach. We take all security breaches very seriously, and are working hard to determine the extent of the violation. In the meantime, the site has been taken down as a protective measure.

At this time we do not believe any credit card information has been compromised. However, some Mozilla Store customers’ user names and passwords have been exposed. It is our strong recommendation that all Mozilla Store customers proactively change their user name and passwords for their Mozilla Store account and all other accounts that use the same information. We will not bring the site back up until we are confident that we have addressed all security issues. A notification will be sent to you when the site goes back up.

GatewayCDI apologizes for any inconvenience this may cause. We value our customers and their online security is a top priority to our organization.

Sincerely,

Conrad Franey
Chief Marketing Officer
GatewayCDI
Ping from Falha de segurança obriga Fundação Mozilla a fechar loja : Geek Gear on August 5, 2009 at 1:02 pm:

[…] Via The Mozilla Blog […]
Ping from Internet Evolution - Security Clan Editor's Blog - 'Off' Switch a New Tool in Security Arsenal on August 5, 2009 at 1:14 pm:

[…] run the backend of the Mozilla Store, suffered a security breach," the software vendor said on its company blog yesterday. "Once notified, we took the immediate preventative step of shutting down the Mozilla […]
Ping from Tripletech TI Solutions » Falha de segurança fecha loja da Mozilla on August 5, 2009 at 3:26 pm:

[…] para garantir que as contas dos usuários não sejam comprometidas”, informou a companhia em seu blog oficial. A prestadora de serviços está investigando o sistema para definir a identidade dos clientes […]
Ping from Webwinkel Mozilla gehackt - BLOG PC Web plus - on August 6, 2009 at 12:40 am:

[…] partij die de backend voor de Mozilla Store regelt, gehackt was. Mozilla zou GatewayCDI hebben aangemoedigd om alle betrokken individuen wier gegevens gestolen zijn zo spoedig als mogelijk te […]
Ping from Mozilla shuts online store after security breach on August 6, 2009 at 2:07 am:

[…] said it found out about the breach on Monday (August 4, 2009) and took the immediate preventative step of shutting down the Mozilla […]
Ping from Falha de segurança fecha loja da Mozilla - Linha digital ~] on August 6, 2009 at 4:48 am:

[…] para garantir que as contas dos usuários não sejam comprometidas”, informou a companhia em seu blog oficial. A prestadora de serviços está investigando para encontrar os clientes prejudicados, ainda é […]
Ping from Mozilla Shut Down E-Store after Firefox Security Leak « Boonx's Blog on August 6, 2009 at 9:06 am:

[…] vendor entrusted to run the backend of the Mozilla Store, suffered a security breach," Mozilla wrote on its blog. "Once notified, we took the immediate preventative step of shutting down the Mozilla Store to […]
Ping from Mozilla E-Store Hacked | IT Security Blog on August 6, 2009 at 10:31 am:

[…] firm that Mozilla had hired to deal with their backend operations has suffered a security breach. Mozilla immediately issued a statement about the issue: Today, Mozilla discovered that GatewayCDI, the third-party vendor entrusted to run the backend of […]
Ping from Techknology’s Blog » Mozilla Shut Down E-Store after Firefox Security Leak on August 6, 2009 at 2:05 pm:

[…] vendor entrusted to run the backend of the Mozilla Store, suffered a security breach,” Mozilla wrote on its blog. “Once notified, we took the immediate preventative step of shutting down the Mozilla Store […]
Ping from Special Blog to All » Mozilla Store Vendor Security Breach :: The Mozilla Blog on August 6, 2009 at 2:57 pm:

[…] the rest here: Mozilla Store Vendor Security Breach :: The Mozilla Blog This entry is filed under Blog. You can follow any responses to this entry through the RSS 2.0 […]
Ping from Mozilla Store suspende operaciones por problema de seguridad on August 6, 2009 at 7:04 pm:

[…] : – Mozilla Store Vendor secutiry breach (blog de Mozilla) – Mozilla Store security breached (InformationWeek) Post a […]
Ping from BagulhoDoido » Blog Archive » Falha de segurança obriga Fundação Mozilla a fechar loja on August 7, 2009 at 6:33 pm:

[…] Via The Mozilla Blog […]
Ping from BagulhoDoido » Blog Archive » Falha de segurança obriga Fundação Mozilla a fechar loja on August 7, 2009 at 6:35 pm:

[…] The Mozilla Blog AKPC_IDS += "135,";Popularity: unranked […]
Ping from Falha de segurança obriga Fundação Mozilla a fechar loja « Bagulho Doido on August 7, 2009 at 6:52 pm:

[…] The Mozilla Blog AKPC_IDS += "4,";Popularity: unranked […]
Ping from Mozilla Store closed after security breach | Cafe Blog on August 8, 2009 at 12:35 am:

[…] a blog post Mozilla confirmed that it had decided to suspend the store after it was discovered that GatewayCDI, […]
Ping from International Mozilla Store Back Online | Easy Firefox on August 10, 2009 at 6:10 pm:

[…] Mozilla Store offline as a precautionary measure after being notified of the GatewayCDI security breach that impacted the North American Mozilla Store. After verifying the security of the International […]
Ping from International Mozilla Store Back Online « My Blog on August 13, 2009 at 10:35 pm:

[…] Mozilla Store offline as a precautionary measure after being notified of the GatewayCDI security breach that impacted the North American Mozilla Store. After verifying the security of the International […]
Ping from Mozilla suspende operações da loja online por brecha de segurança | GUIA MCITP on August 15, 2009 at 6:51 am:

[…] “A Mozilla descobriu uma falha de segurança no serviço da GatewayCDI e tomamos imediatamente uma providência preventiva suspendendo a Mozilla Store para nos certificarmos de que nossos usuários não seriam prejudicados”, alertou a companhia em seu blog. […]
Ping from Mozilla closes shop due to vendor security breach | Endpoint Security Info on August 24, 2009 at 9:40 pm:

[…] GatewayCDI, an SMB with offices in three US cities, which runs the Mozilla Store, the foundation said in a blog post quoted by the Register. There is still no information to confirm whether any customers of the […]

Ping from Uh-oh: Mozilla Store goes down after security breach | iTech Report on August 4, 2009 at 9:49 pm:

Ping from Mozilla Store Vendor Security Breach :: The Mozilla Blog on August 4, 2009 at 11:14 pm:

Ping from Mozilla suspende operações da loja online por brecha de segurança « blog da informação on August 5, 2009 at 9:06 am:

Ping from Mozilla Store Vendor Security Breach :: The Mozilla Blog | Webmaster Tools on August 5, 2009 at 10:40 am:

Ping from Mozilla Store Breached | WCZone Web Design! | Akron Ohio Website Design - Akron Web Development, Cleveland Web Design, Business Website,Web Programming, Akron, Summit County - Services Cuyahoga Falls Website Design Web Development, Business Website,Web Pr on August 5, 2009 at 10:44 am:

Ping from OmReem » Mozilla shuts Firefox e-store after security breach on August 5, 2009 at 12:11 pm:

Ping from Mozilla suspende operações da loja online por brecha de segurança | GUIA MCSE on August 5, 2009 at 12:15 pm:

GatewayCDI wrote on August 5, 2009 at 12:41 pm:

Ping from Falha de segurança obriga Fundação Mozilla a fechar loja : Geek Gear on August 5, 2009 at 1:02 pm:

Ping from Internet Evolution - Security Clan Editor's Blog - 'Off' Switch a New Tool in Security Arsenal on August 5, 2009 at 1:14 pm:

Ping from Tripletech TI Solutions » Falha de segurança fecha loja da Mozilla on August 5, 2009 at 3:26 pm:

Ping from Webwinkel Mozilla gehackt - BLOG PC Web plus - on August 6, 2009 at 12:40 am:

Ping from Mozilla shuts online store after security breach on August 6, 2009 at 2:07 am:

Ping from Falha de segurança fecha loja da Mozilla - Linha digital ~] on August 6, 2009 at 4:48 am:

Ping from Mozilla Shut Down E-Store after Firefox Security Leak « Boonx's Blog on August 6, 2009 at 9:06 am:

Ping from Mozilla E-Store Hacked | IT Security Blog on August 6, 2009 at 10:31 am:

Ping from Techknology’s Blog » Mozilla Shut Down E-Store after Firefox Security Leak on August 6, 2009 at 2:05 pm:

Ping from Special Blog to All » Mozilla Store Vendor Security Breach :: The Mozilla Blog on August 6, 2009 at 2:57 pm:

Ping from Mozilla Store suspende operaciones por problema de seguridad on August 6, 2009 at 7:04 pm:

Ping from BagulhoDoido » Blog Archive » Falha de segurança obriga Fundação Mozilla a fechar loja on August 7, 2009 at 6:33 pm:

Ping from BagulhoDoido » Blog Archive » Falha de segurança obriga Fundação Mozilla a fechar loja on August 7, 2009 at 6:35 pm:

Ping from Falha de segurança obriga Fundação Mozilla a fechar loja « Bagulho Doido on August 7, 2009 at 6:52 pm:

Ping from Mozilla Store closed after security breach | Cafe Blog on August 8, 2009 at 12:35 am:

Ping from International Mozilla Store Back Online | Easy Firefox on August 10, 2009 at 6:10 pm:

Ping from International Mozilla Store Back Online « My Blog on August 13, 2009 at 10:35 pm:

Ping from Mozilla suspende operações da loja online por brecha de segurança | GUIA MCITP on August 15, 2009 at 6:51 am:

Ping from Mozilla closes shop due to vendor security breach | Endpoint Security Info on August 24, 2009 at 9:40 pm: