Mozilla is reporting that a database which included 44,000 older user accounts from addons.mozillia.org was exposed on public servers. The older accounts passwords were stored using MD5, newer password continue to be stored using SHA-512. Other information including email and mailing addresses were exposed.

They have posted that they have fully accounted for down loads of the data base and forced reset of the passwords on the accounts stored with MD5. Exposure of valid email address, first names, last names and addresses represents risk for users which may belong to the site. (Many are developers and IT personal.)

It is important that organizations define what is considered personally identifiable information of emplyees.