July 18, 2005, 9:51 AM — A Web site used to promote the Firefox Web browser has been hacked, potentially compromising personal information about thousands of volunteer supporters of the open-source software. The attack, which shut down the spreadfirefox.com Web site for several days over the past week, was disclosed Thursday in an e-mail message sent to Spread Firefox members by The Mozilla Foundation, which develops the browser and runs the Web site.
Firefox developers could not say for certain whether any Spread Firefox member information had been compromised.
"It appears that a part of Spread Firefox was hacked in an attempt to use it to send out spam," wrote Firefox developer Asa Dotzler in a Friday Web log posting. "It doesn't look like the attacker accessed any personal data on the site, but to be safe, we're encouraging all of our users to log in and change their passwords."
Attackers accessed the site on Sunday by exploiting an undisclosed vulnerability in the Drupal content management software used to run the site, said Rafael Ebron, product marketing manager with The Mozilla Foundation.
Spread Firefox, known as the organization that raised more than US$200,000 to run a two-page Firefox ad in The New York Times last December, has a membership of about 100,000, according to Ebron.
Those users have now possibly had information such as their e-mail addresses, instant messaging names, street addresses and birthdays compromised, according to Rafael.