Last Friday, Mozilla reported the accidental release of the e-mails of 76,000 Mozilla Developer Network (MDN) users to the public alongside the encrypted passwords of 4,000 users. The disclosure happened due to the failure of a data sanitization process at the MDN site starting on June 23rd and lasting a period of 30 days.

Mozilla is a free software community best known for developing and supporting the Firefox web browser.

According to a blog post outlining the issue, Mozilla engineers removed the accidentally disclosed database dump file immediately upon discovering the issue. Also the failing data sanitization process has been disabled to prevent further disclosure.

“The encrypted passwords were salted hashes and they by themselves cannot be used to authenticate with the MDN website today,” wrote Stormy Peters, Director of Developer Relations, and Joe Stevensen, Operations Security Manager.

However, MDN users could have re-used passwords on other sites or services (a practice discouraged heavily by the security community) and this would leave them vulnerable to exposure on those services.

Notices have been sent to all users affected by the breach recommending that they change any similar passwords they have been using.

Mozilla engineers have not seen any evidence that the accidentally disclosed information had been accessed and no malicious reports have surfaced. It is still better to be safe than sorry in the case of a breach.

Peters and Stevensen emphasized in the security transparency blog post that the MDN team is taking a further look at the processes that led to this exposure and the principles in place to reduce harm to users. Users or parties who have any questions may reach out to security@mozilla.org for further information.