Thousands of Mozilla Developers Emails and Password Exposed Accidentally

Mozilla Firefox have warned its users about the recent internal security of which thousands of email addresses and encrypted passwords of the Mozilla developer were accidentally disclosed.

On Friday, Mozilla team have posted on the blog post about the security issue on which about 76,000 e-mail addresses and 4,000 password hashes were left on a publicly accessible server for about 30 days beginning June 23.

Mozilla's Director of Developer Relations, Stormy Peters, wrote that they haven't get any kind of such malicious activities on the server, but Mozilla officials investigating the disclosure can't rule out the possibility. When the Mozilla team know about the breach they have immediately removed the database dumped file from the servers and team had also disable the automatic dump generating function to prevent further disclosure.

If there would have been any kind of data-theft on to the Mozilla server and then the data stolen from the database, may  not  use the passwords to access Mozilla Developer Network accounts but they may be able to access other user accounts secured with the same cracked passcode.

The encrypted passwords were salted hashes and they by themselves cannot be used to authenticate with the MDN website today. Still, it is possible that some MDN users could have reused their original MDN passwords on other non-Mozilla websites or authentication systems - Mozilla wrote 

Mozilla have apologize for the inconvenience or concern this incident may cause to the developers but they assured that they took the privacy and security issue more seriously. 

Mozilla mentioned that they have send the notice to the affected users via email along with the encrypted passwords disclosed. Mozilla asked its affected users to change the password immediately and also change the password of all the other account's that were using the same password.

Lastly, Mozilla team says that they are looking to make the Mozilla infrastructure more secure to avoid these happenings. 

In addition to notifying users and recommending short term fixes, we’re also taking a look at the processes and principles that are in place that may be made better to reduce the likelihood of something like this happening again. If you have questions, please reach out [email protected].