Mozilla Improving Security Processes After Exposing Developer Data | eWeek

Mozilla Improving Security Processes After Exposing Developer Data

Mozilla Improving Security Processes After Exposing Developer Data
Aug 30, 2014
2 minute read
eWeek Inhalte und Produktempfehlungen sind redaktionell unabhängig. Wir können Geld verdienen, wenn Sie auf Links zu unseren Partnern klicken. Mehr erfahren

Mozilla is doubling down on its security procedures after reporting two separate incidents in which developer information was unintentionally publicly disclosed.

The most recent incident was first reported by Mozilla on Aug. 27 and involves information disclosure on 97,000 developers. The landfill.bugzilla.org development system for the Bugzilla bug tracking platform left developer information, including email information and encrypted passwords, exposed publicly for approximately three months.

Mozilla estimates that the disclosure first occurred on May 4 during a migration of a testing server with a database dump containing the user information. Mozilla is now changing its testing process to not include database dumps. Users of the landfill.bugzilla.org system have been advised to change their passwords as a result of the issue.

On Aug. 1, Mozilla publicly revealed an information disclosure on its Mozilla Developer Network (MDN) platform, exposing information on approximately 76,000 users. That issue also had to deal with an unintentional database dump that included user information.

Denelle Dixon-Thayer, senior vice president of business and legal affairs at Mozilla, told eWEEK that the recent incidents have confirmed to Mozilla the importance of a review effort that got started last year. That effort encompasses a full review of Mozilla’s practices around data, including the various non-Mozilla projects that Mozilla supports.

“We are implementing immediate fixes for any discovered issues across the organization, and are requiring each business unit to perform a review of their data practices and, if necessary, to implement additional protections based on that review,” Dixon-Thayer said. “We will update users as we progress through this review.”

In the case of the information disclosures on the MDN and landfill.bugzilla.org site, user passwords were all encrypted, which is a key best practice to minimize data breach risk.

Another best practice that is increasingly being adopted by software development communities is the use of two-factor authentication for access. In a two-factor system, a second password (or factor) is required for a user to gain access. The Linux Foundation recently announced that it is deploying two-factor authentication for the development of the Linux kernel.

“We are committed to multilayered security controls and practices, many of which will be publicly verifiable by our global community, Dixon-Thayer said. “We are focused on continuing to improve our data practices to minimize the likelihood of these and other types of incidents.”

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Eigentum von TechnologyAdvice. © 2026 TechnologyAdvice. Alle Rechte vorbehalten

Werbetreibenden-Offenlegung: Einige der auf dieser Website erscheinenden Produkte stammen von Unternehmen, von denen TechnologyAdvice eine Vergütung erhält. Diese Vergütung kann beeinflussen, wie und wo Produkte auf dieser Website erscheinen, einschließlich beispielsweise der Reihenfolge, in der sie erscheinen. TechnologyAdvice schließt nicht alle Unternehmen oder alle auf dem Marktplatz verfügbaren Produkttypen ein.