The site had to close briefly while the attack was cleaned up. It is not known whether the attack was an attempt to place Trojan software on the site or to use the accounts of registered users as a spam directory.
"It appears that a part of Spread Firefox was hacked in an attempt to use it to send out spam," said Asa Dotzlerin on the site's blog.
"It doesn't look like the attacker accessed any personal data on the site, but to be safe we're encouraging all our users to log in and change their passwords.
"If you have an account with Spread Firefox, you probably received an email about this with instructions for updating your password."
The site stores details of members' email and instant messaging accounts, along with street names and birthdays.
Spread Firefox raised more than $200,000 last December for a two-page ad for Firefox in The New York Times and has a claimed membership of about 100,000.
Antarctica lost on average 252 gigatons of ice mass per year from 2009 to 2017, claims study
Buyers can demand refunds if they've had a game for no more than 14 days and not registered more than two hours of play
Total lunar eclipse 2019: 'Super Blood Wolf Moon' to be visible across Europe and North America on Sunday night
Moon will turn reddish-orange in colour during this weekend's total lunar eclipse
Hackers to compete for prize money of between $35,000 and $250,000 cracking the Tesla Model 3 at this year's Pwn2Own contest