Australian social media software developer Atlassian has suffered a web site outage after a swarm of customers came to the site seeking information on a data breach.
Customers swamped Atlassian's web servers after the company advised them to change their passwords following a data breach.
The breach was detected Monday morning and potentially exposed passwords for customers who purchased Atlassian products before July 2008.
In an attempt to be as "open as possible", the company notified all customers to change their usernames and passwords.
In a blog post, Atlassian co-founder Mike Cannon-Brookes said the notification led to "hundreds of thousands of accounts changing passwords simultaneously, causing its web servers to "crumple and cause yet more user alarm."
"We apologise for the extra consternation this caused - our web servers are now back purring along as normal. In summary - we've made mistakes, we're sorry and we're fixing them," he said.
Cannon-Brookes warned customers who haven't already changed their details to "definitely change your password with us".
He also reaffirmed that no credit card or payment, financial or SaaS-customer information was accessible or exposed.
"The worst case here, which we take very seriously, is that the password used by customers that purchased before June 2008 to logon to http://my.atlassian.com was exposed," he said.
Atlassian has a number of high profile customers including the Queensland Office of Gaming Regulation, Roads and Traffic Authority (NSW, Australia), the US Supreme Court, the National Library of Australia and Microsoft.
Cannon-Brookes said Atlassian migrated its customer database to the encrypted Atlassian Crowd single-sign on in July 2008. However, the old database table was not taken offline or deleted.
Cannon-Brookes admits the company "made a big error. For this we are, of course, extremely sorry.
"In hindsight, we should have reset passwords for affected users on their behalf."
Cannon-Brookes said the company is "feverishly researching the breach. Once we've concluded our investigation, we'll provide another update."
Atlassian has not yet responded to calls for further comment at the time the story went to press.