The Inquirer-Home

Mozilla goof leaves 76,000 developer identities on public server

Database backed up somewhere too public
Mon Aug 04 2014, 10:26

A Firefox logoTHE MOZILLA FOUNDATION has revealed that it accidentally left the credentials of 76,000 users of its developer network publicly available.

The Mozilla Developer Network (MDN) database was undergoing a sanitisation process, but due to a failure in the server, it sent an emergency dump of its contents to a backup server.

Unfortunately the backup server was not encrypted, and as a result, details of 76,000 developers were available to anyone, along with 4,000 encrypted passwords.

The data has now been removed, but was visible for a month from 23 June before being discovered by developers.

On the Mozilla blog, director of developer relations Stormy Peters said, "We are known for our commitment to privacy and security, and we are deeply sorry for any inconvenience or concern this incident may cause you."

The response from the developer network has been remarkably understanding, perhaps aided by the fact that Mozilla revealed that the encrypted passwords would no longer work, and that no evidence of a breach has been detected.

Even one complainant who moaned, "Terrific I spent the last four hours changing all my passwords," was greeted with the response from a colleague, "Use Lastpass, stop reusing passwords, and stop complaining."

The data dump that caused the damage has now been disabled. Firefox is keen to attract developers to the web app based Firefox OS.

Last week, Mozilla announced Chris Beard as its new CEO. µ

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Microsoft's Windows 10 Preview has permission to watch your every move

Does Microsoft have the right to keylog users of its Windows 10 Technical Preview?