User data for some registered developers of Mozilla Add-ons was temporarily exposed by mistake on a Mozilla server. Mozilla has disabled those users' accounts until they reset their passwords.
As a registered user, I received an e-mail last night from Chris Lyon, Director of Infrastructure Security at Mozilla, informing me of the breach, which occurred on December 17 and was discovered by "a 3rd party," identified as a security researcher in a subsequent blog post on the matter. A file was on the server containing "...a partial representation of the users database from addons.mozilla.org. The file included email addresses, first and last names, and an md5 hash representation of your password."

The letter stated that, apart from the referenced 3rd party, only Mozilla staff had downloaded the file before it was removed. They have also identified how the file came to be on the server and have take steps to prevent it being repeated.

The link for this article located at PC Magazine Blogs is no longer available.