Mozilla is known worldwide for its Firefox Internet browser. The company coordinates the development of some open-source software projects via its Mozilla Developer Network.
From 23 June and for about 30 days, the company admits, a data sanitization process had been failing. This caused the accidental disclosure of the MDN email addresses of almost 76,000 users, plus the encrypted passwords of 4,000 users, on a publicly accessible server. However, Mozilla said those passwords had been stored as salted hashes, a one-way process that makes it computationally infeasible to retrieve the original password in a readable format. The company also says that, by themselves, the passwords now can’t be used to authenticate with the MDN website.
Still, Mozilla added that some MDN users could have reused their original MDN passwords on other websites or authentication systems. Security experts confirmed that as soon as they learned of the leak, the database dump file was removed from the server. In addition, the process generating the dump was disabled in order to prevent further disclosure. They also said that no malicious activity was detected on that server, but the experts admitted they can’t be 100% sure there wasn’t any such access.
In the meantime, the Mozilla Foundation recently named Chris Beard as the new permanent head of the corporation, after Brendan Eich resigned because of the controversy about his donations to a campaign against same-sex marriage. At the time, the executive chairwoman of Mozilla Foundation said that they knew why people were hurt and angry, and they were right. She confirmed that Chris Beard was to stay on as Chief Executive Officer on a permanent basis, and pointed out that over the years he has led many of the company’s most innovative projects. Mozilla has relied on his judgment and advice for nearly ten years, and Beard is believed to have a clear vision of how to take Mozilla’s mission and turn it into industry-changing products and ideas. Perhaps the new leader will have to start with apologies to all affected developers.