Attacker compromised Mozilla bug system, stole private vulnerability data
by Dennis Fisher
Security experts constantly tell users not to reuse passwords on multiple accounts, but the message often falls on deaf ears. Now, officials at Mozilla are finding that advanced users dont always follow that advice either after discovering that an attacker was able to compromise a Bugzilla users account by using a password taken from a data breach on a separate site.
The attacker may have known who he was hitting, because the target was a privileged user who had restricted access to sensitive information about security bugs in Mozilla products. Bugzilla is the big-tracking system used by Mozilla for its various projects, and while much of the information is public, a subset of it is kept private. Specifically, information about security flaws that are in the process of being fixed or evaluated is kept private until a patch is available or the company decides not to fix it.
To read the entire article, please click here.
Source: https://threatpost.com/
