Thousands of Mozilla Developer Network Email Addresses, Passwords Exposed

Pulkit Chandna

Remained exposed for around 30 days

Mozilla on Friday notified users of its Mozilla Developer Network (MDN) about the “accidental disclosure” of over 76,000 email addresses and around 4,000 “salted” passwords. These MDN user credentials remained exposed to the public for around a month, until one of the outfit’s web developers discovered them on a publicly accessible server around a couple of weeks back.

“The issue came to light ten days ago when one of our web developers discovered that, starting on about June 23, for a period of 30 days, a data sanitization process of the Mozilla Developer Network (MDN) site database had been failing, resulting in the accidental disclosure of MDN email addresses of about 76,000 users and encrypted passwords of about 4,000 users on a publicly accessible server,” the company said in a blog post Friday. “As soon as we learned of it, the database dump file was removed from the server immediately, and the process that generates the dump was disabled to prevent further disclosure. While we have not been able to detect malicious activity on that server, we cannot be sure there wasn’t any such access.”

“The encrypted passwords were salted hashes and they by themselves cannot be used to authenticate with the MDN website today. Still, it is possible that some MDN users could have reused their original MDN passwords on other non-Mozilla websites or authentication systems. We’ve sent notices to the users who were affected. For those that had both email and encrypted passwords disclosed, we recommended that they change any similar passwords they may be using.”

