This story may be a month old, but it is something Mozilla users need to know. Early this month, Mozilla announced that a database on the Mozilla Developer Network (MDN) containing members’ email IDs and passwords had been disclosed on a publicly accessible server. Mozilla warned its users about the mishap and asked them to watch for malicious emails or activity involving their credentials. Just as members were about to recover from this shock, Mozilla notified its users of the same problem again: their email IDs and passwords had mistakenly been left open to the public.
On the official blog, ‘The Bugzilla Update’, the Mozilla spokesperson described the mishap:
“One of our developers discovered that, starting on about May 4th, 2014, for a period of around 3 months, during the migration of our testing server for test builds of the Bugzilla software, database dump files containing email addresses and encrypted passwords of roughly 97,000 users of the test build were posted on a publicly accessible server. As soon as we became aware, the database dump files were removed from the server immediately, and we’ve modified the testing process to not require database dumps.”
Mozilla officials stressed that when developers log on to MDN, they are made aware that the builds are insecure and may break. That is why developers mostly use passwords that they do not reuse elsewhere. Despite that, Mozilla highlighted the possibility of these passwords being misused.
“…However, because it is possible that some users could have reused their passwords on other websites or authentication systems, we’ve sent notices to the users who were affected by this disclosure and recommended that they change any similar passwords they may be using.”
Mozilla tried to reassure its members by noting that, unless they have reused the password they used on landfill.bugzilla.org, their email IDs and passwords on bugzilla.mozilla.org are not affected.
Finally, Mozilla apologized to all users for the inconvenience caused by the disclosure of email IDs and passwords. However, it is still not clear how much damage this disclosure has caused.