One of our developers discovered that, starting on about May 4th, 2014, for a period of around 3 months, during the migration of our testing server for test builds of the Bugzilla software, database dump files containing email addresses and encrypted passwords of roughly 97,000 users of the test build were posted on a publicly accessible server. As soon as we became aware, the database dump files were removed from the server immediately, and we’ve modified the testing process to not require database dumps.
more here...........http://bugzillaupdate.wordpress.com/2014/08/27/landfill-bugzilla-org-disclosure/
more here...........http://bugzillaupdate.wordpress.com/2014/08/27/landfill-bugzilla-org-disclosure/