We have just concluded an investigation into a disclosure affecting members of Mozilla Developer Network. We began investigating the incident as soon as we learned of the disclosure. The issue came to light ten days ago when one of our web developers discovered that, starting on about June 23, for a period of 30 days, a data sanitization process of the Mozilla Developer Network (MDN) site database had been failing, resulting in the accidental disclosure of MDN email addresses of about 76,000 users and encrypted passwords of about 4,000 users on a publicly accessible server. As soon as we learned of it, the database dump file was removed from the server immediately, and the process that generates the dump was disabled to prevent further disclosure. While we have not been able to detect malicious activity on that server, we cannot be sure there wasn’t any such access.
We are known for our commitment to privacy and security, and we are deeply sorry for any inconvenience or concern this incident may cause you.
The encrypted passwords were salted hashes and they by themselves cannot be used to authenticate with the MDN website today. Still, it is possible that some MDN users could have reused their original MDN passwords on other non-Mozilla websites or authentication systems. We’ve sent notices to the users who were affected. For those that had both email and encrypted passwords disclosed, we recommended that they change any similar passwords they may be using.
In addition to notifying users and recommending short term fixes, we’re also taking a look at the processes and principles that are in place that may be made better to reduce the likelihood of something like this happening again. If you have questions, please reach out to security@mozilla.org.
Thanks,
Stormy Peters
Director of Developer Relations
Joe Stevensen
Operations Security Manager