Hackers managed to compromise the website of Comodo Brazil and extracted sensitive information about the company's SSL certificate customers.
It seems the attack vector used in this case was SQL injection. A partial database dump was posted on pastebin.com Saturday together with information about the vulnerability.
The compromised data includes certificate authority name, email, fax, phone number, order number, certficate request, private key file name and other details.
Customer details like organization names, addresses, telephones, domain names, type of web servers, serial numbers and more, are also included.
There is also a list of what appears to be employee accounts, with @comdobr.com email addresses and hashed passwords. The password for an account called email@example.com (validation@) is listed in plain text.
The password was most likely posted like this intentionally by attackers, because all hashes appear to be unsalted MD5 and are trivial to crack.
More details - link