Stormy Peters, head of developer relations for Mozilla, has announced that the company detected an internal problem on its servers that may have resulted in the loss of thousands of personal details, including the email addresses and passwords of many of the top developers who have helped Firefox and its associated programs become one of the most customizable and sought-after browsers on the market today.
“We have just concluded an investigation into a disclosure affecting members of Mozilla Developer Network. We began investigating the incident as soon as we learned of the disclosure. The issue came to light ten days ago when one of our web developers discovered that, starting on about June 23, for a period of 30 days, a data sanitization process of the Mozilla Developer Network (MDN) site database had been failing”
The accidental disclosure was first discovered by the MDN developer team, who immediately responded by removing the portion of the database dump that had been leaking the info.
The passwords that were lost were thankfully hashed with SHA256, which should prove a worthy adversary to even the most sophisticated cracking efforts by whoever had access to the data while it was available.
That said, the company is still concerned that if the hashes are cracked, the recovered passwords could be tried (where they were reused) against a variety of more popular sites, potentially giving the perpetrators access to a developer’s email, Facebook, or eBay accounts without their permission.
“The encrypted passwords were salted hashes and they by themselves cannot be used to authenticate with the MDN website today. Still, it is possible that some MDN users could have reused their original MDN passwords on other non-Mozilla websites or authentication systems. We’ve sent notices to the users who were affected. For those that had both email and encrypted passwords disclosed, we recommended that they change any similar passwords they may be using.”
The database debacle comes just a week after the official release of Firefox 31, which shipped with a range of security updates and changes intended to create a safer, more protected ecosystem that both users and developers can depend on to keep their online data secure.
Stormy was solemn in her admission of fault, and apologized for the mishap on behalf of the entire Mozilla team in the blog post covering this event:
“We are known for our commitment to privacy and security, and we are deeply sorry for any inconvenience or concern this incident may cause you.”