On Friday, Mozilla team have posted on the blog post about the security issue on which about 76,000 e-mail addresses and 4,000 password hashes were left on a publicly accessible server for about 30 days beginning June 23.
If there would have been any kind of data-theft on to the Mozilla server and then the data stolen from the database, may not use the passwords to access Mozilla Developer Network accounts but they may be able to access other user accounts secured with the same cracked passcode.
The encrypted passwords were salted hashes and they by themselves cannot be used to authenticate with the MDN website today. Still, it is possible that some MDN users could have reused their original MDN passwords on other non-Mozilla websites or authentication systems - Mozilla wrote
Mozilla mentioned that they have send the notice to the affected users via email along with the encrypted passwords disclosed. Mozilla asked its affected users to change the password immediately and also change the password of all the other account's that were using the same password.
Lastly, Mozilla team says that they are looking to make the Mozilla infrastructure more secure to avoid these happenings.
In addition to notifying users and recommending short term fixes, we’re also taking a look at the processes and principles that are in place that may be made better to reduce the likelihood of something like this happening again. If you have questions, please reach out [email protected]