Mozilla Store users suffer data breach

Change user names and passwords immediately.

Users of the Mozilla Store have been warned to change their log-in passwords and user names if they use the same credentials on multiple sites, after the online store was breached earlier this week.

The organisation said in a blog post that GatewayCDI, a third-party provider which runs the online store's back end, had suffered a breach.

"Once notified, we took the immediate preventative step of shutting down the Mozilla Store to ensure that no additional users could be compromised," said Mozilla.

"Mozilla immediately reached out to GatewayCDI and encouraged them to quickly inform individuals whose data had been compromised."

GatewayCDI chief marketing officer Conrad Franey initially told customers that his company did not believe any credit card information had been compromised, but did acknowledge a breach of Mozilla Store customers' user names and passwords.

"It is our strong recommendation that all Mozilla Store customers proactively change their user name and password for their Mozilla Store account and all other accounts that use the same information," he said.

A second communication from Farney then explained that user details would actually be deleted from the firm's database as a precaution, but that users should still change their log-in credentials on other sites if they were the same.

GatewayCDI said that it is currently undergoing a security audit which will be completed by the end of this week. At the time of writing the Mozilla Store was still out of action, displaying a 'closed for maintenance' message.

Graham Cluley, senior technology consultant at Sophos, was sympathetic about Mozilla's plight.

"From the sound of things they did nothing wrong other than put their trust in a third-party e-commerce company, and yet it's Mozilla's name which will make the headlines and be tarnished as a result of this," he wrote on the Sophos blog.