On Tue, Oct 11, 2011 at 3:39 PM, Josh Juran <josh@iswifter.net> wrote:
> On Oct 11, 2011, at 12:13 PM, Jeremy White wrote:
>
>> Unfortunately, the attackers were able to download the full login
>> database for both the appdb and bugzilla.  This means that they have all
>> of those emails, as well as the passwords.  The passwords are stored
>> encrypted, but with enough effort and depending on the quality of the
>> password, they can be cracked.
>>
>> This, I'm afraid, is a serious threat; it means that anyone who uses the
>> same email / password on other systems is now vulnerable to a malicious
>> attacker using that information to access their account.
>
> Since bugzilla passwords were sent in cleartext anyway, I sincerely hope none of them were otherwise valuable.  (Remember FireSheep?)
>
> Josh


Wait, what? Bugzilla sends passwords in cleartext? That isn't very smart... Is there no way to replace this with some sort of client-based hashing or something?