*The flaw, in Passport's password recovery mechanism, could have allowed an attacker to change the password on any account to which the username is known. The simplicity of the attack method and the high value of the data frequently stored in Passport accounts--names, addresses, birthdates and credit card numbers--combined to make the vulnerability critical.*

Cnet News.com