Firefox Community Site Hacked Again

For a second time, the Web site used to promote the adoption of Mozilla's Firefox Web browser has been compromised by hackers. The remote attackers potentially accessed SpreadFirefox.com by exploiting a security flaw in the TWiki software installed on the server.

The problem was limited to SpreadFirefox.com and did not affect mozilla.org or any Mozilla software. TWiki was disabled as soon as the intrusion was discovered.

"We have scanned Spread Firefox servers and at this time do not believe any sensitive data was taken, but as a precautionary measure we have shutdown the site and will be rebuilding the web site from scratch," read a notice e-mailed to registered members.

Information provided by Spread Firefox users and stored on the server include a real name, a URL, an email address, IM names, a street address, a birthday, and private messages to other users.

The site will remain offline until around October 15. In the meantime, Spread Firefox administrators recommend that users assume their password could have been accessed and change the password of any account using the same login details.

In mid-July, the Spread Firefox site suffered a similar break-in, and at the time said it was taking the necessary steps to make sure such an incident did not happen again.

"Unfortunately, those procedures overlooked the installation of the TWiki software since it is not used by the main Spread Firefox site," the Mozilla Foundation explained. "When the system is rebuilt, all the software will be audited to ensure that security updates will be applied in a timely manner. We deeply regret this incident and any inconvenience this may have caused you."