It's been a bad month for Mozilla, as the company seems to be shedding user data left and right. The problems are apparently not over as new information has come to light regarding the loss of another 97,000 emails and passwords that were left exposed.
The latest issue comes via Bugzilla, and the organisation has reset all user passwords in an attempt to alleviate the issues. However, that didn't stop customer data from being exposed for about three months.
According to the Mozilla organisation, "One of our developers discovered that, starting on about May 4th, 2014, for a period of around 3 months, during the migration of our testing server for test builds of the Bugzilla software, database dump files containing email addresses and encrypted passwords of roughly 97,000 users of the test build were posted on a publicly accessible server. As soon as we became aware, the database dump files were removed from the server immediately, and we’ve modified the testing process to not require database dumps".
According to security researchers at Sophos, "We do not know whether or not the leaked database dumps have been picked up by anyone with ill-intent, or whether the passwords were hashed and salted, but Mozilla said it would like to think that developers who use test builds are aware of their insecure nature".
Mozilla has contacted all affected users and begun the process of fixing the problem. While customers, it seems, are likely safe, Mozilla is apologetic for the (another) problem. "We are deeply sorry for any inconvenience or concern this incident may cause you".