ITVoice News: Mozilla’s developer information was accidentally disclosed publicly twice in last few months. The company is working on improving security of the system.
The incident happened first on 4 May, when company was migrating user information in with database dump on a testing server. Users of landfill.bugzilla.org were affected by this. It is a development system for Bugzilla bug tracking. Users have been told to change their passwords. Mozilla is searching alternative for database dumps.
In second incident, which took place on August 27, user database on landfill.bugzilla.org was again disclosed publicly for over three months. The information involved, developer information, email details, encrypted passwords etc. Over 97,000 developers were affected by this. Unintentional database dump disclosed information of 76,000 users on Mozilla Developer Network (MDN) platform on August 1.
These recent incidents have added the importance of full review of Mozilla’s data practices including non-Mozilla project support. Denelle Dixon-Thayer, senior VP of business and legal affairs at Mozilla said, “We are fixing known issues within the system. Each business unit within the company would review the data practice, security flaws and if necessary, we will implement addition protection in the system.”
The password information disclosed on Bugzilla and MDN was all encrypted. So, there isn’t any threat to user’s data. Another best practice to add security is two tier password system. In this, system asks for second password for authentication. Linux has recently implemented this two factor security system in Linux kernel development.