Earlier this month, Gawker was attacked, resulting in a huge leak of Gawker network account passwords. Earlier today, it emerged that a security researcher had stumbled upon a database of 44,000 usernames and passwords associated with accounts registered on the Mozilla add-ons website.
The partial database of user accounts was mistakenly left on a Mozilla public server, which would have allowed anyone to access the account usernames and the password hashes.
In this case, it seems that the researcher involved is the only one who accessed the passwords. The potential breach was reported via Mozilla’s Web Bounty program, which pays external, non-employee security professionals $500 to $3,000 for finding and submitting bugs to Mozilla.
At this point, the risk is minimal. Unlike the Gawker hack, it seems these accounts were only exposed to one person. Also, the accounts are mostly inactive. Still, if you use the same username and password across multiple sites, you may want to change your password.