The login information was contained in 15 URLs submitted through Google's Firefox toolbar, which lets users report Web pages they suspect to belong to phishing sites. Most of the URLs on the list didn't have login
said it also has implemented a mechanism that detects when a submitted
URL contains login data and prevents that information from getting
posted to the list.
"We are in the process of notifying the users who inadvertently disclosed this information and suggesting that they reset
associated passwords," Google said in an e-mailed statement.