Passwords Of Mozilla's Developers Exposed
Mozilla said that possible malicious activity on one of its servers disclosed the email addresses of about
76,000 Mozilla Developer Network (MDN) users and the encrypted
passwords of about 4,000 users.
Mozilla said the issue came to light ten days ago when one of its
web developers discovered that, starting on about June 23, for a
period of 30 days, a data sanitization process of the Mozilla
Developer Network (MDN) site database had been failing, resulting
in the disclosure of MDN email addresses of about 76,000 users and
encrypted passwords of about 4,000 users on a publicly accessible
server. The database dump file was quickly removed from the server
and the process that generates the dump was disabled to prevent
further disclosure. However, Mozilla cannot be sure whether there
was any malicious activity on that server.
"We are known for our commitment to privacy and security, and we are deeply sorry for any inconvenience or concern this incident may cause you," said Stormy Peters, Director of Developer Relations at Mozilla.
The encrypted passwords were salted hashes, which by themselves cannot be used to authenticate with the MDN website today. Still, it is possible that some MDN users reused their original MDN passwords on other non-Mozilla websites or authentication systems. Mozilla has sent notices to the users who were affected. For those who had both email addresses and encrypted passwords disclosed, Mozilla recommended that they change any similar passwords they may be using.