Skip to main content

Mozilla spills 76,000 developer emails in major leak

Mozilla has made a faux pas on the security front, with the browser maker accidentally leaking the email addresses of no less than 76,000 developers.

This actually happened beginning on 23 June, when a "data sanitisation" process of the Mozilla Developer Network (MDN) site database started failing, and did so for a month without being noticed. The problem was spotted by a Mozilla web developer 11 days ago, and since then, the company has been investigating the issue before making an announcement.

As mentioned, 76,000 email addresses were leaked, but also the encrypted passwords of 4,000 users were available to access on a public server. Mozilla says that there was no malicious activity it could trace to that server, but that it can't be sure it wasn't accessed by someone. Naturally, the database dump file has now been stripped from the server.

If the passwords were thieved by someone, they were stored securely as salted hashes – but obviously it's still recommended to change them (and for any other site with the same password, should you foolishly reuse passwords, of course). Mozilla has notified affected devs who need to take action, so if you haven't heard anything, there's no need to be concerned.

Mozilla apologised and said it was "deeply sorry" about the incident, and that it is "taking a look at the processes and principles that are in place that may be made better to reduce the likelihood of something like this happening again".

Mozilla has just named Chris Beard, who served as interim, as its new CEO at the end of last month, and doubtless he'll have a few strong words internally.