All the latest UK technology news, reviews and analysis
|
|
|
06 Aug 2009
Users of the Mozilla Store have been warned to change their log-in passwords and user names if they use the same credentials on multiple sites, after the online store was breached earlier this week.
The organisation said in a blog post that GatewayCDI, a third-party provider which runs the online store's back end, had suffered a breach.
"Once notified, we took the immediate preventative step of shutting down the Mozilla Store to ensure that no additional users could be compromised," said Mozilla.
"Mozilla immediately reached out to GatewayCDI and encouraged them to quickly inform individuals whose data had been compromised."
GatewayCDI chief marketing officer Conrad Franey initially told customers that his company did not believe any credit card information had been compromised, but did acknowledge a breach of Mozilla Store customers' user names and passwords.
"It is our strong recommendation that all Mozilla Store customers proactively change their user name and password for their Mozilla Store account and all other accounts that use the same information," he said.
A second communication from Farney then explained that user details would actually be deleted from the firm's database as a precaution, but that users should still change their log-in credentials on other sites if they were the same.
GatewayCDI said that it is currently undergoing a security audit which will be completed by Friday. At the time of writing the Mozilla Store was still out of action, displaying a 'closed for maintenance' message.
Graham Cluley, senior technology consultant at Sophos, was sympathetic about Mozilla's plight.
"From the sound of things they did nothing wrong other than put their trust in a third-party e-commerce company, and yet it's Mozilla's name which will make the headlines and be tarnished as a result of this," he wrote on the Sophos blog.
Latest stories from Web
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Hands on with the highly anticipated Android 4.0 Ice Cream Sandwich hybrid tablet
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Project Manager, London - Software Solutions (Project...
Project Manager - Hampshire - up to £32K - Fixed Term...
Senior Customer Support Consultant - 2nd/3rd Line Support...
C++/C#/Java developer for a global investment bank within...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Why didn't Google do the same?
According to info on Google's GoogleStore.com site, they use the same processor: "Your credit card will be charged by Google. "GOOGLE * Store " will appear by the charge on your credit card statement. To process your order, GatewayCDI will have access to your address, email, and phone number. "
Posted by: EJ 10 Aug 2009
Data Security Frequently a Matter of Luck
Most companies enjoy "security" insofar as they haven't been targeted, or had an employee make a human error with catastrophic exposure. Price Waterhouse Cooper and Carnegie-Mellon's CyLab have recent surveys that show the senior executive class to be, basically, clueless regarding IT risk and its tie to overall enterprise (business) risk. Data breaches and thefts are due to a lagging business culture - absent new eCulture, breaches will, and continue to, increase.
Posted by: John Franks 06 Aug 2009