Mozilla accidentally leaks the credentials of 76k devs

Mozilla server dumped developer credentials to an unencrypted server leaving the data vulnerable for a month before the error was discovered.

@ShaneMcGlaun

Published Aug 4, 2014 5:23 AM CDT
Updated Nov 3, 2020 1:15 PM CST

34 seconds read time

The Mozilla Foundation has made a mistake that left the credentials of about 76,000 developers using its Mozilla Developer Network vulnerable to hackers. During a sanitation process on the server where the data was stored, some sort of error cause an emergency dump of the data on that server to be sent to a backup server.

Mozilla accidentally leaks the credentials of 76k devs | TweakTown.com

That emergency dump is something that many servers do to prevent data loss. The catch is that the backup server where the data was dumped was unencrypted. That means that the details of those 76,000 developers were available to be copied by anyone along with 4,000 encrypted passwords.

Mozilla has removed the data now, but the information sat there for a month before developers noticed the issue. Mozilla says that the passwords would not work and that it hasn't seen any sort of breach using the data.