Mozilla has confirmed that a partial database containing usernames and password hashes belonging to users of addons.mozilla.org was mistakenly left on a public server.
As Sophos security expert Chester Wisniewski notes, Mozilla stored the compromised passwords set before April 9th, 2009 as MD5 hashes, rather than plain text.
"[But] MD5...
