Mozilla Store Suffers Breach

One of the most visible ways to show your love for Firefox and all things Mozilla — at least in the offline world — is by sporting some of the wide range of Mozilla swag. The primary source of those items, however, is unavailable today, after the organization's online store was hit by a security breach.

According to a posting on The Mozilla Blog, Mozilla learned yesterday that the company operating the organization's U.S. storeGatewayCDI — experienced a security breach. Mozilla immediately closed the shop as a precaution, and although it is run by a different group, closed the International Mozilla Store as well. Current visitors to either shop receive the message that "The Mozilla Store has been closed for maintenance."

According to Mozilla's post, an investigation is under way to determine the cause and extent of the break-in — the organization has committed not to reopen the shop until concerns about privacy and security can be assuaged. The International Store will presumably undergo a precautionary audit and, given that it is operated by a separate entity, be reinstated on its own schedule. The Mozilla Community Store, which — as its name suggests — sells merchandise created by members of the Mozilla community, is operated by a third unrelated company, and remains open.

According to Mozilla, they encouraged GatewayCDI to immediately contact affected customers directly to advise them of the issue and potential consequences. Interestingly, though the breach was discovered and disclosed yesterday, at least some customers — your editor included — were not notified of the incident by GatewayCDI until late this afternoon.

According to their emailed notice, GatewayCDI doesn't believe any credit card data was compromised in the attack, but has confirmed that at least some customer's usernames and passwords were breached. Notified users are strongly encouraged to change their username/password as a precaution — users would do well to do so for all their Mozilla-related accounts, particularly if they use the same username/password in multiple places. Though it is currently impossible to do so as the site is offline, the company indicated it will notify users when the store is operational again — hopefully without waiting twenty-four hours or more to do so.

______________________

Justin Ryan is a Contributing Editor for Linux Journal.

White Paper
Fabric-Based Computing Enables Optimized Hyperscale Data Centers

Today’s modular x86 servers are compute-centric, designed as a least common denominator to support a wide range of IT workloads. Those generic, virtualized IT workloads have much different resource optimization requirements than hyperscale and cloud applications. They have resulted in a “one size fits all” enterprise IT architecture that is not optimized for a specific set of IT workloads, and especially not emerging hyperscale workloads, such as web applications, big data, and object storage. In this report, you will learn how shifting the focus from traditional compute-centric IT architectures to an innovative disaggregated fabric-based architecture can optimize and scale your data center.

Learn More

Sponsored by AMD

White Paper
Red Hat White Paper: Using an Open Source Framework to Catch the Bad Guy

Built-in forensics, incident response, and security with Red Hat Enterprise Linux 6

Every security policy provides guidance and requirements for ensuring adequate protection of information and data, as well as high-level technical and administrative security requirements for a system in a given environment. Traditionally, providing security for a system focuses on the confidentiality of the information on it. However, protecting the data integrity and system and data availability is just as important. For example, when processing United States intelligence information, there are three attributes that require protection: confidentiality, integrity, and availability.

Learn more about catching the bad guy in this free white paper.

Learn More

Sponsored by DLT Solutions