According to Mr Sookun, 269,146 email addresses are publicly available. This is because the directories where the files are kept on the server allow public access. As he stated in his blog post, this database would be a gold mine for spammers.
Not satisfied with this, he decided to do some further search by visiting other directories.He was once again shocked when he came across two administrator’s unencrypted credentials, that is, usernames and plain text passwords. One was for the blog MySQL database and the other for the newsletter application. Mr Sookun reported this issue to CERT-MU and at the time of publishing, he stated he hasn’t received any reply from them.
Source: [Click Here!]