A website used to promote the Firefox Web browser has been hacked, potentially compromising personal information about thousands of volunteer supporters of the open-source software. The attack, which shut down the spreadfirefox.com website for several days over the past week, was disclosed in an e-mail sent to Spread Firefox members by The Mozilla Foundation, which develops the browser and runs the site.
Firefox developers could not say for certain whether any Spread Firefox member information had been compromised.
"It appears that a part of Spread Firefox was hacked in an attempt to use it to send out spam," wrote Firefox developer Asa Dotzler in a Friday blog posting. "It doesn't look like the attacker accessed any personal data on the site, but to be safe, we're encouraging all of our users to log in and change their passwords."
Attackers accessed the site by exploiting an undisclosed vulnerability in the Drupal content management software used to run the site, said Rafael Ebron, product marketing manager with The Mozilla Foundation.
Spread Firefox, known as the organisation that raised more than US$200,000 to run a two-page Firefox ad in The New York Times last December, has a membership of about 100,000, according to Ebron.
Those users have now possibly had information such as their e-mail addresses, instant messaging names, street addresses and birthdays compromised, according to Rafael.