Uh-oh: Mozilla takes precautions after security breach

Posted by Brenton Currie  on Aug 5th, 2009 | 3 Comments

Community Mozilla Store

Community Mozilla Store

The Mozilla store has been taken offline after it was discovered that a security breach had occurred.

Mozilla said in a post today that at this stage only the third-party vendor, GatewayCDI who manages the back-end for the store, has suffered a security breach and that the International store has been taken off as a precautionary measure.

The International Mozilla Store, although run by a separate partner company, has temporarily been shut down as a precautionary measure. The Mozilla Community Store is operated on a wholly separate system and was not impacted by the breach.

GatewayCDI, the third-party vendor who actually runs the store on behalf of Mozilla, is currently investigating the issue.

GatewayCDI is currently investigating their systems and determining the cause and extent of the breach.

Mozilla says GatewayCDI will contact all customers who have been affected by the breach, although its unclear at this stage what information has been targeted. In the meantime, the International and US store will remain closed.

Update: Statement from GatewayCDI explaining extent of breach:

At this time we do not believe any credit card information has been compromised. However, some Mozilla Store customers’ user names and passwords have been exposed. It is our strong recommendation that all Mozilla Store customers proactively change their user name and passwords for their Mozilla Store account and all other accounts that use the same information. We will not bring the site back up until we are confident that we have addressed all security issues. A notification will be sent to you when the site goes back up.

 Print |    | Bookmark and Share

3 Comments

  1. Majken "Lucy" Connor says:
    August 5, 2009 at 3:01 pm

    You need to read the post again. The international store was not affected either, but is taken down as a precautionary measure. The US store is what was affected.

  2. Brenton Currie says:
    August 5, 2009 at 3:22 pm

    We’ve updated the post – thanks for letting us know!

  3. Conrad Franey says:
    August 8, 2009 at 2:52 am

    GatewayCDI Statement Regarding Mozilla Store Security Breach

    Earlier this week the Mozilla Store, hosted by GatewayCDI, suffered a security breach. At this time, there is no evidence that the credit card information of Mozilla Store customers has been compromised.

    On discovery of the breach, immediate action was taken. Mozilla shut down the Mozilla Store to ensure no additional users could be compromised and GatewayCDI launched an investigation, utilizing both internal resources and a private security company. As an additional precaution, GatewayCDI has deleted all Mozilla customer information from the company database.

    Customers do not need to change user names or passwords on the deactivated Mozilla Store, but are advised to change online accounts that use similar user names and passwords for their safety. For more information, please visit http://gatewaycdi.com/site/comment.asp.

    GatewayCDI sincerely apologizes for any inconvenience this has caused. Our customers’ online security is the highest priority for our organization.

    Conrad Franey,
    CMO, GatewayCDI,
    Conrad.Franey@gatewaycdi.com

Leave a comment