Full Report
In mid-March 2024, KrebsOnSecurity revealed that the founder of the personal data removal service Onerep also founded dozens of people-search companies. Shortly after that investigation was published, Mozilla said it would stop bundling Onerep with the Firefox browser and wind down its partnership. But nearly a year later, Mozilla is still promoting it to Firefox users.
Analysis Summary
# Incident Report: Conflict of Interest and Delayed Separation in the Mozilla/Onerep Partnership
## Executive Summary
This event details the fallout following an investigation revealing that the founder of the Mozilla-partnered data removal service, Onerep, also founded numerous people-search and data broker firms, directly contradicting Onerep’s stated mission. Despite Mozilla initially stating an intent to terminate the partnership due to misaligned values, the separation has been significantly delayed, with Onerep remaining the backend provider for Mozilla Monitor’s service nearly a year later.
## Incident Details
- Discovery Date: Mid-March 2024
- Incident Date: Ongoing (Investigation published mid-March 2024)
- Affected Organization: Mozilla (and its Firefox/Mozilla Monitor users)
- Sector: Technology/Internet Services, Data Privacy
- Geography: Not explicitly stated, but involves global data broker operations (Belarusian CEO).
## Timeline of Events
### Initial Access
- Date/Time: Not applicable (This incident concerns a partnership disclosure, not a cyber intrusion).
- Vector: Public investigative journalism (KrebsOnSecurity).
- Details: The investigation revealed that Onerep’s founder, Dimitri Shelest, has founded dozens of people-search services since 2010, including the known data broker Nuwber.
### Lateral Movement
- Not applicable.
### Data Exfiltration/Impact
- Users relying on Mozilla Monitor (powered by Onerep) are being served by a vendor whose leadership is deeply involved in the very industry the service claims to combat, exposing Mozilla to reputational damage and calling the efficacy of the service into question.
- Indirect association noted between Onerep/Nuwber and the problematic data broker Radaris.
### Detection & Response
- **Detection:** Publication of the KrebsOnSecurity investigation in mid-March 2024.
- **Response Actions:**
  - Mozilla initially stated customer data was safe and pledged to work on a transition plan to find a values-aligned replacement provider.
  - In October 2024 (nearly 7 months later), Mozilla publicly stated the vendor search was taking longer than anticipated and Onerep **remained the backend provider** to ensure uninterrupted service.
## Attack Methodology
This was a reputational and partnership integrity issue, not a technical cyberattack. The "attack" vector was investigative journalism exposing a conflict of interest.
- Initial Access: Investigative reporting uncovering historical business activities.
- Persistence: Onerep’s continued operation as the backend provider for Mozilla Monitor.
- Privilege Escalation: Not applicable.
- Defense Evasion: Not applicable.
- Credential Access: Not applicable.
- Discovery: Public disclosure of business links.
- Lateral Movement: Not applicable.
- Collection: Not applicable.
- Exfiltration: Not applicable.
- Impact: Erosion of trust in Mozilla's commitment to user privacy advocacy.
## Impact Assessment
- Financial: Not specified, but Mozilla faces a potential loss of user trust and possible contract cancellation costs.
- Data Breach: No customer data breach reported from the Onerep service itself, but data handling ethics were questioned.
- Operational: Uninterrupted service delivery maintained by retaining the current vendor during the prolonged vendor search.
- Reputational: Damage to Mozilla’s brand integrity due to the protracted partnership with the revealed data broker founder.
## Indicators of Compromise
- Not applicable (Non-malicious disclosure).
## Response Actions
- **Containment:** Mozilla confirmed customer data was not at risk.
- **Eradication:** An active search for a new, values-aligned backend vendor was initiated.
- **Recovery:** Continued offering of the service using the existing vendor while due diligence on new partners proceeds to ensure "uninterrupted services."
## Lessons Learned
- **Vendor Diligence:** Mozilla failed to adequately vet the ethical alignment of Onerep's leadership prior to establishing the partnership, leading to a public contradiction of their values.
- **Commitment to Values:** The significant delay in replacing Onerep (ongoing nearly a year later) suggests the search for a "technically excellent and values-aligned partner" is severely lagging, and that service continuity may be taking priority over prompt ethical alignment.
## Recommendations
- Immediately expedite the vendor selection process for the Mozilla Monitor backend service, prioritizing established privacy advocates over current vendors who have significant conflicts of interest.
- Implement enhanced, continuous ethical audits for critical third-party services that handle or manage user privacy data.