Almost 76,000 email addresses and 4,000 passwords were made publicly available on Mozilla’s server for a whole month. Although there is no sign that anyone has used them, Mozilla is still investigating the hack.
Members of Mozilla’s developer community have been alerted about the accidental leak of email addresses and encrypted passwords. Mozilla, which is most famous for its Firefox web browser, co-ordinates the development of a number of open-source software projects through the Mozilla Developer Network.
The passwords were stored as salted hashes, a one-way process that makes it computationally infeasible to retrieve the original password in a readable format, and Mozilla says that, by themselves, they “cannot be used to authenticate with the MDN website today”.
But it adds that “it is possible that some MDN users could have reused their original MDN passwords on other non-Mozilla websites or authentication systems”.
Stormy Peters, the company’s director of developer relations, says that “as soon as we learned of the leak, the database dump file was removed from the server immediately, and the process that generates the dump was disabled to prevent further disclosure.”
“While we have not been able to detect malicious activity on that server, we cannot be sure there wasn’t any such access.”