All the latest UK technology news, reviews and analysis
|
|
|
06 Aug 2009
Users of the Mozilla Store have been warned to change their log-in passwords and user names if they use the same credentials on multiple sites, after the online store was breached earlier this week.
The organisation said in a blog post that GatewayCDI, a third-party provider which runs the online store's back end, had suffered a breach.
"Once notified, we took the immediate preventative step of shutting down the Mozilla Store to ensure that no additional users could be compromised," said Mozilla.
"Mozilla immediately reached out to GatewayCDI and encouraged them to quickly inform individuals whose data had been compromised."
GatewayCDI chief marketing officer Conrad Franey initially told customers that his company did not believe any credit card information had been compromised, but did acknowledge a breach of Mozilla Store customers' user names and passwords.
"It is our strong recommendation that all Mozilla Store customers proactively change their user name and password for their Mozilla Store account and all other accounts that use the same information," he said.
A second communication from Farney then explained that user details would actually be deleted from the firm's database as a precaution, but that users should still change their log-in credentials on other sites if they were the same.
GatewayCDI said that it is currently undergoing a security audit which will be completed by Friday. At the time of writing the Mozilla Store was still out of action, displaying a 'closed for maintenance' message.
Graham Cluley, senior technology consultant at Sophos, was sympathetic about Mozilla's plight.
"From the sound of things they did nothing wrong other than put their trust in a third-party e-commerce company, and yet it's Mozilla's name which will make the headlines and be tarnished as a result of this," he wrote on the Sophos blog.
Latest stories from Web
Related articles
Related jobs
Poll
Are you confident that the UK's IT infrastructure is secure from attack in the wake of the Flame malware revelations?
V3 examines the key strengths and weaknesses of Samsung's latest iPhone killer
Connect with V3.co.uk
Social networking is almost ubiquitous. This white paper examines the benefits and risks and it looks at the different ways companies can reconcile them
The importance of understanding your infrastructure
Contract Systems Administrator, Southampton My...
PHP Web Developer required to join my market-leading...
Java Developer x2, Spring, Hibernate, Swindon, £40K...
As part of a major implementation of a new inventory...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Why didn't Google do the same?
According to info on Google's GoogleStore.com site, they use the same processor: "Your credit card will be charged by Google. "GOOGLE * Store " will appear by the charge on your credit card statement. To process your order, GatewayCDI will have access to your address, email, and phone number. "
Posted by: EJ 10 Aug 2009
Data Security Frequently a Matter of Luck
Most companies enjoy "security" insofar as they haven't been targeted, or had an employee make a human error with catastrophic exposure. Price Waterhouse Cooper and Carnegie-Mellon's CyLab have recent surveys that show the senior executive class to be, basically, clueless regarding IT risk and its tie to overall enterprise (business) risk. Data breaches and thefts are due to a lagging business culture - absent new eCulture, breaches will, and continue to, increase.
Posted by: John Franks 06 Aug 2009