Spread Firefox Site Hacked, Data Leaked
The Mozilla Foundation marketing site SpreadFirefox.com, which is designed to promote adoption of Firefox, was hacked over the weekend, officials said in an e-mail sent to users on Friday. Attackers exploited a security vulnerability and potentially accessed personal information of the site's registered users.
The breach was not discovered until July 12, and the Web site was subsequently taken offline. Mozilla Foundation officials believe the compromised server was only used to send spam, but opted to err on the side of caution and contact users.
"It doesn't look like the attacker accessed any personal data on the site, but to be safe, we're encouraging all of our users to log in and change their passwords," read a notice posted by Mozilla engineer Asa Dotzler. "If you have an account with Spread Firefox, you probably received an email about this with instructions for updating your password."
Information provided by Spread Firefox users and stored on the server include a real name, a URL, an email address, IM names, a street address, a birthday, and private messages to other users.
News of the hack is a black eye for Mozilla, which prides itself on security when compared to Microsoft's Internet Explorer browser.
"The Mozilla Foundation deeply regrets this incident and is taking steps to prevent it from happening again. We have applied the necessary security fixes to the software running the site, have reviewed our security plan to determine why we didn't previously apply those fixes in this case, and have modified that plan to ensure we do so in the future."
The Foundation said in its e-mail that only SpreadFirefox.com was affected and not any other Mozilla owned site, including the mozilla.org server that serves Firefox downloads.