E-mail addresses and cryptographically protected passwords for thousands of Mozilla developers were exposed through a database glitch that may have been exploited by hackers, Mozilla officials warned Friday.
About 76,000 e-mail addresses and 4,000 password hashes were left on a publicly accessible server for about 30 days beginning June 23, according to a blog post. There is no indication the data was accessed, but Mozilla officials investigating the disclosure can't rule out the possibility. Hackers who might have managed to crack the hashes wouldn't be able to use the passwords to access Mozilla Developer Network accounts, but they may be able to access other user accounts secured with the same cracked passcode. The glitch was touched off when a data "sanitization" process failed, causing the addresses and hashes to be dumped to a publicly accessible server.
"We are known for our commitment to privacy and security, and we are deeply sorry for any inconvenience or concern this incident may cause you," Stormy Peters, director of developer relations, and Joe Stevensen, operations security manager, wrote. They continued: