Mozilla confirmed that 76,000 emails and 4,000 encrypted passwords were leaked from its Mozilla Developer Network (MDN).
The leak came as a result of a failure in the network’s data sanitization process, which removes personal identification information from stored data in order to protect user privacy, The Telegraph reports.
In a post on Mozilla’s security blog, Director of Developer Relations Stormy Peters assured developers that the database dump file containing the information was removed as soon as the vulnerability was detected, and the process that creates the file was stopped while Mozilla addressed the problem.
The leaked passwords were salted hashes, meaning they could no longer be used to sign into the MDN, although users would still be at risk if they use the same password for other services. As a precaution, Peters recommended that all affected users change their password, even though Mozilla has no definite proof that the data was accessed by anyone.
“While we have not been able to detect any malicious activity on that server, we cannot be sure there wasn’t any such access,” she wrote.
According to the post, Mozilla immediately notified affected users and is now examining how to fix the problem and prevent future issues.
“We’re also taking a look at the processes and principles that are in place that may be made better to reduce the likelihood of something like this happening again,” Peters wrote.
