Mozilla admits accidental leak of 76,000 developer emails
Mozilla has confirmed that around 76,000 email addresses and 4,000 encrypted passwords of its users in the Mozilla Developer Network (MDN) had been put on a publicly accessible server.
The firm, best known for its open source browser Firefox, blamed it on a process failure in one of its databases, and said it was “deeply sorry for any inconvenience or concern” it had caused.
The Mozilla Developer Network (MDN) gives information on various web platforms and developer tools, from web APIs to HTML5 and CSS3. Mozilla said once the breach was noted the database dump file was immediately removed from the server in order to prevent further disclosure – yet couldn’t confirm that there was no malicious intent on the publicly accessible server.
“In addition to notifying users and recommending short term fixes, we’re also taking a look at the processes and principles that are in place that may be made better to reduce the likelihood of something like this happening again,” a post attributed to Stormy Peters, Mozilla director of developer relations, and Joe Stevenson, operations security manager, added.
The comments underneath the post (97 at the time of writing) are a mix of brand loyalty – “I thank you and the entire team for being so open and transparent about this issue”, wrote one – as well as the usual anger and finger-pointing.
It’s not been the best of years for the open-source software provider. The Mozilla Foundation had recently named Chris Beard as permanent CEO after Brendan Eich stepped down following furore that he had donated to Proposition 8, a campaign against same sex marriage.
According to the most recent market analysis, Google Chrome has extended its lead over Firefox in the desktop browser stakes. July 2014 figures from Net Applications showed that Chrome had more than one fifth (20.37%) market share, ahead of Firefox at 15.08%, a 5.29% difference. June and May’s differences were 3.4% and 0.92% respectively, with Chrome only overtaking Firefox in usage figures in March this year.
Mozilla said it has notified all affected users, and recommends those whose emails and passwords were exposed should also change similar passwords they may be using.