

RockYou explains how a hacker stole 32 million passwords - mun411
http://digital.venturebeat.com/2009/12/15/rockyou-explains-how-a-hacker-stole-32-million-passwords-and-what-its-doing-about-it/

======
mattwdelong
What gets me in this situation is that RockYou is apparently "accepting
responsibility" for this breach of security, admitting that users are
susceptible to identity theft if they use the same email/password across
multiple platforms (including their bank accounts). I mean, if they are
"accepting responsibility", would it not be the actual responsible thing to do
to offer some sort of protection for their users? I am going to generalize
here and say that the "type" of user who would be using RockYou probably is
not the same "type" of person to use multiple email accounts/passwords, thus
by deduction a good portion of their user base is probably susceptible to
identity theft and they do nothing about that? Very responsible.

~~~
oscardelben
They are notifying users, what else can they do? The passwords are already
stolen.

------
jbm
“Locking down everything is complete,” Shen said. “Our security approach in
the future will have to be deeper.”

I'm not sure how much I believe someone who says that after storing his
passwords in plaintext.

