Mozilla shuts Firefox e-store after security breach
Blames firm that runs store's backend ops; no details on what was accessed, when or how
Computerworld - Mozilla shuttered its online store late Tuesday after finding out that the firm it hired to run the backend operations of the company's e-tailing business had suffered a security breach.
It was unclear whether the vendor, St. Louis-based GatewayCDI, which bills itself as a "promotional products distributor and incentive company," notified Mozilla or whether the browser maker found out about the breach some other way.
"Today, Mozilla discovered that GatewayCDI, the third-party vendor entrusted to run the backend of the Mozilla Store, suffered a security breach," Mozilla said in a warning on its Web site. "Once notified, we took the immediate preventative step of shutting down the Mozilla Store to ensure that no additional users could be compromised."
Mozilla also took the international edition of its e-store offline as a precaution, although that effort is maintained by a separate partner.
Late Tuesday, both stores displayed messages that they were "closed for maintenance;" neither message, however, spelled out the reason.
The stores sell promotional items, such as T-shirts, backpacks, coffee mugs and mouse pads emblazoned with company logos, as well as the Firefox browser on CD.
Mozilla's announcement did not detail the extent of the breach, what information hackers might have accessed or stolen, or how the breach happened. GatewayCDI was not available late Tuesday, and there was no notice on its site that it had sustained a breach.
"Mozilla immediately reached out to GatewayCDI and encouraged them to quickly inform individuals whose data had been compromised," said Mozilla. "GatewayCDI is currently investigating their systems and determining the cause and extent of the breach."
According to Mozilla, its online store may be closed for some time. "The store will only be reinstated once we have a satisfactory assurance of ongoing login security and data privacy," the company said.
The incident was the first for Mozilla, an open-source developer that prides itself on its operational transparency.
The company's Firefox accounts for about 22.5% of the browser market, according to the most recent data from Web metrics firm Net Applications.
Read more about Security in Computerworld's Security Topic Center.
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- 5 Ways Dropbox for Business Keeps Your Data Protected Protecting your data isn't a feature on a checklist, something to be tacked on as an afterthought. Download here to find out how...
- The Keys to Securing Data in a Collaborative Workplace Losing data is costly. IT professionals have spent years learning how to protect their organizations from hackers, but how do you ward off...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!