Bugzilla Users' Information Exposed

E-Mail Addresses, Encrypted Passwords Were Vulnerable
Bugzilla Users' Information Exposed

Bugzilla, a bug- and issue-tracking system supported by Mozilla, among other organizations, says 97,000 users had their e-mail addresses and encrypted passwords exposed on a publicly accessible server for roughly three months. Mozilla is best known for its Firefox web browser.

See Also: Fireside Chat | Zero Tolerance: Controlling The Landscape Where You'll Meet Your Adversaries

In a similar incident earlier in August, members of the Mozilla Developer Network had their e-mail addresses and encrypted passwords accidentally exposed on a public server (see: Mozilla Data Leak Affects 76,000).

The Bugzilla security incident occurred during the migration of the Landfill testing server for the software, which inadvertently posted the personal information to a public server, Bugzilla says. The disclosure began around May 4 and continued for a period of three months.

"As soon as we became aware, the database dump files were removed from the server immediately, and we've modified the testing process to not require database dumps," says Mark Cote, assistant project lead at Bugzilla.

Following the disclosure, Bugzilla has reset all passwords on its Landfill test systems. All users will be required to set up new passwords for the next time they access the test systems, Cote says.

About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.