A maintenance operation is at the origin of a risk of data leakage at Mozilla, the foundation explains on its blog. The accounts concerned are those of the developer network "Mozilla Developer Network" (MDN).
76,000 emails and 4,000 passwords were mistakenly copied onto a freely accessible server. It took 30 days before someone discovered the problem and the data was deleted. According to Mozilla, no malicious activity has been detected on this server, although nothing can guarantee that the list has not been copied.
Mozilla therefore wanted to notify the holders of the accounts concerned by email. Because the 4,000 passwords were protected, the organization specifies that they cannot be used directly to log in to the MDN site. However, the affected MDN members have been notified by email and are asked to change their MDN account password. If that password is also used on other sites, it must be changed on each of them.
Never shared passwords
The majority of online services use a method to protect passwords, which are never displayed "in the clear". Thus, a simple password change following a potential leak like this one, or an attack like the one suffered last May by the Avast forums, guarantees the user that a malicious person will not have access to their account.
However, care must be taken never to use the same password for several online services; otherwise, a theft on just one of them would require changing that password on all the services concerned.