Mozilla has closed down its online store after finding out that the firm it hired to run the back-end operations of the company's e-tailing business had suffered a security breach.
It was unclear whether the vendor, GatewayCDI, which bills itself as a "promotional products distributor and incentive company," notified Mozilla or whether the browser maker found out about the breach some other way.
"Today, Mozilla discovered that GatewayCDI, the third-party vendor entrusted to run the backend of the Mozilla Store, suffered a security breach," said Mozilla in a warning on its website. "Once notified, we took the immediate preventative step of shutting down the Mozilla Store to ensure that no additional users could be compromised." Mozilla also took the international edition of its e-store offline as a precaution, although that effort is maintained by a separate partner.
Both stores currently display messages that they were "closed for maintenance;" neither message, however, spelled out the reason.
The stores sell promotional items, such as T-shirts, backpacks, coffee mugs and mouse pads emblazoned with company logos, as well as the Firefox browser on CD..
"Mozilla immediately reached out to GatewayCDI and encouraged them to quickly inform individuals whose data had been compromised," said Mozilla. "GatewayCDI is currently investigating their systems and determining the cause and extent of the breach."
According to Mozilla, its online store may be closed for some time. "The store will only be reinstated once we have a satisfactory assurance of ongoing login security and data privacy," the company said.
The incident was the first for Mozilla, an open-source developer that prides itself on its operational transparency.