Mozilla Store Vendor Security Breach

[security curmudgeon <jericho () attrition org>]

http://blog.mozilla.com/blog/2009/08/04/mozilla-store-vendor-security-breach/

Mozilla Store Vendor Security Breach
Posted by Mozilla

August 4th, 2009  Mozilla News

Today, Mozilla discovered that GatewayCDI, the third party vendor 
entrusted to run the backend of the Mozilla Store, suffered a security 
breach. Once notified, we took the immediate preventative step of shutting 
down the Mozilla Store to ensure that no additional users could be 
compromised.

Mozilla immediately reached out to GatewayCDI and encouraged them to 
quickly inform individuals whose data had been compromised.  GatewayCDI is 
currently investigating their systems and determining the cause and extent 
of the breach.  Mozilla Store customers who are affected will be contacted 
directly by GatewayCDI.

Mozilla is committed to user privacy and the store will only be reinstated 
once we have a satisfactory assurance of ongoing login security and data 
privacy.

The International Mozilla Store, although run by a separate partner 
company, has also temporarily been shut down as a precautionary measure. 
The Mozilla Community Store is operated on a wholly separate system and 
was not impacted by the breach.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php