In the latest data breach incident, Mozilla users have had to bear the brunt after the bug tracking and testing tool Bugzilla was breached. The hackers, after stealing sensitive data from the tool, used it to attack Mozilla Firefox users, sending them into panic mode.
For the uninitiated, Bugzilla is an open source program whose contents are mostly public, except for security-sensitive data, access to which is restricted to a select few. Through this program, Mozilla tracks software bugs that cause unexpected results when a user is using the Firefox browser.
To curb the reach of the hackers and to minimize the damage caused to users, Mozilla promptly shut down the account that was infiltrated, and a high-level investigation has also been initiated. While not much is known about the plans of the hackers or the impact this breach has had on users, it is interesting to note that several other tech giants also use the Bugzilla program, as it is an open source platform. The organizations on this list include Red Hat, Apache, Gnome, LibreOffice and Eclipse, among others.
In a statement, Mozilla officials reiterated: “We are updating Bugzilla’s security practices to reduce the risk of future attacks of this type. As an immediate first step, all users with access to security-sensitive information have been required to change their passwords and use two-factor authentication. We are reducing the number of users with privileged access and limiting what each privileged user can do. In other words, we are making it harder for an attacker to break in, providing fewer opportunities to break in, and reducing the amount of information an attacker can get by breaking in.”
While it has yet to be confirmed, initial investigations have revealed that the stolen data was being sent to a remote server in Ukraine. Mozilla further shared that the hackers were using the stolen data to inject a malicious script into the victim’s machine, which stealthily looked for key files on the device and uploaded them to the remote server. As soon as a Firefox user loaded an infected webpage, the script would run on the system and start its undercover activities.
Mozilla’s latest update, Firefox 40, is being touted as the security cover that one needs. This update has the potential to address all vulnerabilities that the hackers may have learnt about and thereby prevent harm to users.