Mozilla accidentally published 44,000 user ID details.
Mozilla, the developers of browser Firefox, revealed that a database that contained usernames and password hashes of users of addons.mozilla.org had been made public inadvertently.
According to them, 44,000 user IDs and password hashes were made public and those who were potentially affected have already been contacted via email.
Passwords stored before 9 April 2009 were stored by a method that had weaknesses allowing experts to still access accounts. Since then, more secure methods have been used.
Mozilla has been forthcoming about the breach and shared information regarding it on their security blog.
The director of infrastructure security at Mozilla, Chris Lyon, said that they were made aware that the database was mistakenly left on a Mozilla public server. He added, "We were able to account for every download of the database. This issue posed minimal risk to users, however as a precaution we felt we should disclose this issue to people affected and err on the side of disclosure."
The database included 44,000 inactive accounts using older password hashes, and all the passwords have been deleted, rendering the accounts disabled.
However, if you've been contacted by Mozilla, perhaps it might be a good idea to change your password anyway. Just in case.
Post on T3's Twitter and Facebook feeds if you were one of the 44,000 people contacted, and follow us for the latest news in all things tech.