Google has accidentally published the usernames and passwords of people signed up to its anti-phishing service.

The information was contained in 15 URLs submitted to the software giant through its Firefox toolbar. Those signed up were able to report Web pages they suspect to belong to phishing sites but unfortunately in some cases the person's log-in details, as well as their email address and the session details were also published publicly.

Google has since removed the details and said it has put in place a system that will prevent it from happening again. "We are in the process of notifying the users who inadvertently disclosed this information and suggesting that they reset associated passwords," Google said in a statement.

The sensitive information was formed by security company Finjan and reported to Google in early January. It has posted an example of the data on its website.