The Mozilla Blog

News, notes and ramblings from the Mozilla project

Mozilla Store Vendor Security Breach

Posted by Mozilla

August 4th, 2009 · Mozilla News

Today, Mozilla discovered that GatewayCDI, the third party vendor entrusted to run the backend of the Mozilla Store, suffered a security breach. Once notified, we took the immediate preventative step of shutting down the Mozilla Store to ensure that no additional users could be compromised.

Mozilla immediately reached out to GatewayCDI and encouraged them to quickly inform individuals whose data had been compromised.  GatewayCDI is currently investigating their systems and determining the cause and extent of the breach.  Mozilla Store customers who are affected will be contacted directly by GatewayCDI.

Mozilla is committed to user privacy and the store will only be reinstated once we have a satisfactory assurance of ongoing login security and data privacy.

The International Mozilla Store, although run by a separate partner company, has also temporarily been shut down as a precautionary measure. The Mozilla Community Store is operated on a wholly separate system and was not impacted by the breach.

| Trackbacks (26) | Comments (1)

27 Responses to “Mozilla Store Vendor Security Breach”

  1. 1

    Pingback from Uh-oh: Mozilla Store goes down after security breach | iTech Report

    [...] said in a post today that it is only the International store that has been affected, and says the Community Store [...]

    Added on August 4th, 2009 at 9:49 pm

  2. 2

    Pingback from Mozilla Store Vendor Security Breach :: The Mozilla Blog

    [...] See more here: Mozilla Store Vendor Security Breach :: The Mozilla Blog [...]

    Added on August 4th, 2009 at 11:14 pm

  3. 3

    Pingback from Mozilla suspende operações da loja online por brecha de segurança « blog da informação

    [...] “A Mozilla descobriu uma falha de segurança no serviço da GatewayCDI e tomamos imediatamente uma providência preventiva suspendendo a Mozilla Store para nos certificarmos de que nossos usuários não seriam prejudicados”, alertou a companhia em seu blog. [...]

    Added on August 5th, 2009 at 9:06 am

  4. 4

    Pingback from Mozilla Store Vendor Security Breach :: The Mozilla Blog | Webmaster Tools

    [...] Excerpt from: Mozilla Store Vendor Security Breach :: The Mozilla Blog [...]

    Added on August 5th, 2009 at 10:40 am

  5. 5

    Pingback from Mozilla Store Breached | WCZone Web Design! | Akron Ohio Website Design - Akron Web Development, Cleveland Web Design, Business Website,Web Programming, Akron, Summit County - Services Cuyahoga Falls Website Design Web Development, Business Website,Web Pr

    [...] announced that the 3rd party vendor hired to run the Mozilla Store had suffered a security breach. They closed the store immediately and that is how it remains as of noon, Wednesday. GatewayCDI is the vendor named by Mozilla. [...]

    Added on August 5th, 2009 at 10:44 am

  6. 6

    Pingback from OmReem » Mozilla shuts Firefox e-store after security breach

    [...] to run the backend of the Mozilla Store, suffered a security breach,” Mozilla said in a warning on its Web site. “Once notified, we took the immediate preventative step of shutting down the [...]

    Added on August 5th, 2009 at 12:11 pm

  7. 7

    Pingback from Mozilla suspende operações da loja online por brecha de segurança | GUIA MCSE

    [...] “A Mozilla descobriu uma falha de segurança no serviço da GatewayCDI e tomamos imediatamente uma providência preventiva suspendendo a Mozilla Store para nos certificarmos de que nossos usuários não seriam prejudicados”, alertou a companhia em seu blog. [...]

    Added on August 5th, 2009 at 12:15 pm

  8. 8

    GatewayCDI said:

    **Update 5:57 p.m**

    Our previous message about the security breach at the Mozilla Store was unclear about what we are doing to protect your private information.

    You do not need to take any action to change your username or password on the now deactivated Mozilla Store. We will be deleting all of your Mozilla Store information, including your existing username and password, from our database as a precaution.

    You should assume the username and password you used on the Mozilla Store has been compromised and take steps to change that password on any other web services you currently use.

    At this time we do not believe any credit card information has been compromised. However, we are conducting a complete security review, and having an independent security firm audit our findings. We anticipate this review will be complete by August 7th, 2009. We will notify you via email once our review is complete.

    Again, GatewayCDI apologizes for any inconvenience this may cause. We value our customers and their online security is a top priority to our organization.

    Sincerely,

    Conrad Franey
    Chief Marketing Officer
    GatewayCDI

    **Original Comment **

    Dear Valued Mozilla Customer:

    It has been brought to our attention that the Mozilla Store has had a security breach. We take all security breaches very seriously, and are working hard to determine the extent of the violation. In the meantime, the site has been taken down as a protective measure.

    At this time we do not believe any credit card information has been compromised. However, some Mozilla Store customers’ user names and passwords have been exposed. It is our strong recommendation that all Mozilla Store customers proactively change their user name and passwords for their Mozilla Store account and all other accounts that use the same information. We will not bring the site back up until we are confident that we have addressed all security issues. A notification will be sent to you when the site goes back up.

    GatewayCDI apologizes for any inconvenience this may cause. We value our customers and their online security is a top priority to our organization.

    Sincerely,

    Conrad Franey
    Chief Marketing Officer
    GatewayCDI

    Added on August 5th, 2009 at 12:41 pm

  9. 9

    Pingback from Falha de segurança obriga Fundação Mozilla a fechar loja : Geek Gear

    [...] Via The Mozilla Blog [...]

    Added on August 5th, 2009 at 1:02 pm

  10. 10

    Pingback from Internet Evolution - Security Clan Editor's Blog - 'Off' Switch a New Tool in Security Arsenal

    [...] run the backend of the Mozilla Store, suffered a security breach," the software vendor said on its company blog yesterday. "Once notified, we took the immediate preventative step of shutting down the Mozilla [...]

    Added on August 5th, 2009 at 1:14 pm

  11. 11

    Pingback from Tripletech TI Solutions » Falha de segurança fecha loja da Mozilla

    [...] para garantir que as contas dos usuários não sejam comprometidas”, informou a companhia em seu blog oficial. A prestadora de serviços está investigando o sistema para definir a identidade dos clientes [...]

    Added on August 5th, 2009 at 3:26 pm

  12. 12

    Pingback from Webwinkel Mozilla gehackt - BLOG PC Web plus -

    [...] partij die de backend voor de Mozilla Store regelt, gehackt was. Mozilla zou GatewayCDI hebben aangemoedigd om alle betrokken individuen wier gegevens gestolen zijn zo spoedig als mogelijk te [...]

    Added on August 6th, 2009 at 12:40 am

  13. 13

    Pingback from Mozilla shuts online store after security breach

    [...] said it found out about the breach on Monday (August 4, 2009) and took the immediate preventative step of shutting down the Mozilla [...]

    Added on August 6th, 2009 at 2:07 am

  14. 14

    Pingback from Falha de segurança fecha loja da Mozilla - Linha digital ~]

    [...] para garantir que as contas dos usuários não sejam comprometidas”, informou a companhia em seu blog oficial. A prestadora de serviços está investigando para encontrar os clientes prejudicados, ainda é [...]

    Added on August 6th, 2009 at 4:48 am

  15. 15

    Pingback from Mozilla Shut Down E-Store after Firefox Security Leak « Boonx's Blog

    [...] vendor entrusted to run the backend of the Mozilla Store, suffered a security breach," Mozilla wrote on its blog. "Once notified, we took the immediate preventative step of shutting down the Mozilla Store to [...]

    Added on August 6th, 2009 at 9:06 am

  16. 16

    Pingback from Mozilla E-Store Hacked | IT Security Blog

    [...] firm that Mozilla had hired to deal with their backend operations has suffered a security breach. Mozilla immediately issued a statement about the issue: Today, Mozilla discovered that GatewayCDI, the third-party vendor entrusted to run the backend of [...]

    Added on August 6th, 2009 at 10:31 am

  17. 17

    Pingback from Techknology’s Blog » Mozilla Shut Down E-Store after Firefox Security Leak

    [...] vendor entrusted to run the backend of the Mozilla Store, suffered a security breach,” Mozilla wrote on its blog. “Once notified, we took the immediate preventative step of shutting down the Mozilla Store [...]

    Added on August 6th, 2009 at 2:05 pm

  18. 18

    Pingback from Special Blog to All » Mozilla Store Vendor Security Breach :: The Mozilla Blog

    [...] the rest here:  Mozilla Store Vendor Security Breach :: The Mozilla Blog This entry is filed under Blog. You can follow any responses to this entry through the RSS 2.0 [...]

    Added on August 6th, 2009 at 2:57 pm

  19. 19

    Pingback from Mozilla Store suspende operaciones por problema de seguridad

    [...] : – Mozilla Store Vendor secutiry breach (blog de Mozilla) – Mozilla Store security breached (InformationWeek) Post a [...]

    Added on August 6th, 2009 at 7:04 pm

  20. 20

    Pingback from BagulhoDoido » Blog Archive » Falha de segurança obriga Fundação Mozilla a fechar loja

    [...] Via The Mozilla Blog [...]

    Added on August 7th, 2009 at 6:33 pm

  21. 21

    Pingback from BagulhoDoido » Blog Archive » Falha de segurança obriga Fundação Mozilla a fechar loja

    [...] The Mozilla Blog AKPC_IDS += "135,";Popularity: unranked [...]

    Added on August 7th, 2009 at 6:35 pm

  22. 22

    Pingback from Falha de segurança obriga Fundação Mozilla a fechar loja « Bagulho Doido

    [...] The Mozilla Blog AKPC_IDS += "4,";Popularity: unranked [...]

    Added on August 7th, 2009 at 6:52 pm

  23. 23

    Pingback from Mozilla Store closed after security breach | Cafe Blog

    [...] a blog post Mozilla confirmed that it had decided to suspend the store after it was discovered that GatewayCDI, [...]

    Added on August 8th, 2009 at 12:35 am

  24. 24

    Pingback from International Mozilla Store Back Online | Easy Firefox

    [...] Mozilla Store offline as a precautionary measure after being notified of the GatewayCDI security breach that impacted the North American Mozilla Store. After verifying the security of the International [...]

    Added on August 10th, 2009 at 6:10 pm

  25. 25

    Pingback from International Mozilla Store Back Online « My Blog

    [...] Mozilla Store offline as a precautionary measure after being notified of the GatewayCDI security breach that impacted the North American Mozilla Store. After verifying the security of the International [...]

    Added on August 13th, 2009 at 10:35 pm

  26. 26

    Pingback from Mozilla suspende operações da loja online por brecha de segurança | GUIA MCITP

    [...] “A Mozilla descobriu uma falha de segurança no serviço da GatewayCDI e tomamos imediatamente uma providência preventiva suspendendo a Mozilla Store para nos certificarmos de que nossos usuários não seriam prejudicados”, alertou a companhia em seu blog. [...]

    Added on August 15th, 2009 at 6:51 am

  27. 27

    Pingback from Mozilla closes shop due to vendor security breach | Endpoint Security Info

    [...] GatewayCDI, an SMB with offices in three US cities, which runs the Mozilla Store, the foundation said in a blog post quoted by the Register. There is still no information to confirm whether any customers of the [...]

    Added on August 24th, 2009 at 9:40 pm

Categories

Archives

Subscribe to this blog

About This Blog

The Mozilla Blog is a 360 degree look at the goings-on within the Mozilla community, including news, opinions, events, tips & tricks and more.