THE MOZILLA FOUNDATION has revealed that it accidentally left the credentials of 76,000 users of its developer network publicly available.
The Mozilla Developer Network (MDN) database was undergoing a sanitisation process, but due to a failure in the server, it sent an emergency dump of its contents to a backup server.
Unfortunately the backup server was not encrypted, and as a result, details of 76,000 developers were available to anyone, along with 4,000 encrypted passwords.
The data has now been removed, but was visible for a month from 23 June before being discovered by developers.
On the Mozilla blog, director of developer relations Stormy Peters said, "We are known for our commitment to privacy and security, and we are deeply sorry for any inconvenience or concern this incident may cause you."
The response from the developer network has been remarkably understanding, perhaps aided by the fact that Mozilla revealed that the encrypted passwords would no longer work, and that no evidence of a breach has been detected.
Even one complainant who moaned, "Terrific I spent the last four hours changing all my passwords," was greeted with the response from a colleague, "Use Lastpass, stop reusing passwords, and stop complaining."
The data dump that caused the damage has now been disabled. Firefox is keen to attract developers to the web app based Firefox OS.
Last week, Mozilla announced Chris Beard as its new CEO. µ
Facebook has more influence than meets the eye
Attackers could 'easily compromise' an entire company by exploiting AV security flaws
Nobody knows it, but you've got a secret smiley
Plummeting pound forces firm's hand