According to officials representing Mozilla Developer Network, a database error exposed the website to potential theft of private information, with a possible leak of 75,000 user email addresses and 4,000 passwords. The security hole went unnoticed and unaddressed for a whole month. The announcement was made in a blog post by Stormy Peters (director of development relations) and Joe Stevensen (operations security manager).
Previously known as Mozilla Developer Center, Mozilla Developer Network (MDN) is the foundation's official website for development documentation, which covers Mozilla-related software as well as other open source technology.
The error that resulted in a data leak was found several days ago by a developer who noticed that a data sanitization process was not working properly. Although the database dump was immediately removed and the entire process suspended to prevent any further disclosures, the vulnerability had already been open for around 30 days.
The passwords that were unintentionally made public were encrypted and salted, so they are hard to break, and even if they are broken, they won't work on the MDN website. Taking into account the possibility that users might use similar passwords on multiple accounts, Mozilla is now notifying the people at risk.
According to MDN officials, there was no malicious activity observed on the website during the time of the potential leak, but that doesn't mean the information wasn't accessed.
Mozilla apologized for its error and said that it is inspecting the processes and principles that led to this event, in order to stop it from ever recurring.