Bugzilla Users' Information ExposedE-Mail Addresses, Encrypted Passwords Were Vulnerable
Bugzilla, a bug- and issue-tracking system supported by Mozilla, among other organizations, says 97,000 users had their e-mail addresses and encrypted passwords exposed on a publicly accessible server for roughly three months. Mozilla is best known for its Firefox web browser.
In a similar incident earlier in August, members of the Mozilla Developer Network had their e-mail addresses and encrypted passwords accidentally exposed on a public server (see: Mozilla Data Leak Affects 76,000).
The Bugzilla security incident occurred during the migration of the Landfill testing server for the software, which inadvertently posted the personal information to a public server, Bugzilla says. The disclosure began around May 4 and continued for a period of three months.
"As soon as we became aware, the database dump files were removed from the server immediately, and we've modified the testing process to not require database dumps," says Mark Cote, assistant project lead at Bugzilla.
Following the disclosure, Bugzilla has reset all passwords on its Landfill test systems. All users will be required to set up new passwords for the next time they access the test systems, Cote says.