Database gaffe jeopardizes thousands of Mozilla developers’ e-mail addresses, passwords


Encrypted credentials of 4,000 developers, who aid the organization that built the popular Web browser Firefox, were exposed and might have been exploited by hackers.

Mozilla warned programmers about the incident on Aug. 1.

The passwords and roughly 76,000 email addresses were on a publicly accessible server for about 30 days beginning June 23, according to a Mozilla blog post.

The mishap occurred when a data "sanitization" process failed, dumping the credentials onto the public server.

“There is no indication the data was accessed, but Mozilla officials investigating the disclosure can't rule out the possibility,” Ars reports. “Hackers who might have managed to crack the hashes wouldn't be able to use the passwords to access Mozilla Developer Network accounts, but they may be able to access other user accounts secured with the same cracked passcode.”

Stormy Peters, director of developer relations, and Joe Stevensen, operations security manager, wrote:

“The encrypted passwords were salted hashes and they by themselves cannot be used to authenticate with the MDN website today. Still, it is possible that some MDN users could have reused their original MDN passwords on other non-Mozilla websites or authentication systems. We’ve sent notices to the users who were affected.”