Mozilla announced that its US official store website had been shut down due to a security breach that resulted in costumer data being compromised. GatewayCDI, the third-party vendor operating the site's back-end, is currently investigating the incident.
The Mozilla Store website, store.mozilla.com, was launched by the Mozilla Corporation back in 2005 and is a place for US-based fans to acquire Mozilla-branded T-shirts, gear, outwear, software and other merchandise. The orders are fulfilled by a San Louis-based distribution company called GatewayCDI.
In a brief post
published yesterday on its official blog, Mozilla explains that GatewayCDI suffered a security breach. "Once notified, we took the immediate preventative step of shutting down the Mozilla Store to ensure that no additional users could be compromised," the corporation says.
There is little information about the incident available in the announcement itself, but it is clear that some sensitive customer data has been compromised. The number of affected customers is not yet known and GatewayCDI is working to determine that. "Mozilla Store customers who are affected will be contacted directly by GatewayCDI," it is noted.
As a precautionary measure, the Mozilla International Store at intlstore.mozilla.org has also been taken offline, even if it is maintained by a different company called Merchandise Mania, based in the UK. This decision was taken because it uses the same platform as the US store.
The Community Store located at communitystore.mozilla.org, which sells products designed or customized by the community, is still online and functioning at normal parameters. According to the corporation, this website could not have been affected by the security breach, as it runs on a completely separate system.
"Mozilla is committed to user privacy and the store will only be reinstated once we have a satisfactory assurance of ongoing login security and data privacy," the corporation stresses.
We will return with more information as/if it becomes available.