The company said the vulnerability discovered in January didn't compromise user passwords, but some personal information may have been exposed.