Millions of user passwords to social networking sites have been exposed,
after a serious SQL injection flaw on the Rockyou.com website left login details
— stored in plain text — up for grabs.
RockYou — which develops apps for social networking sites including Facebook,
Bebo and MySpace — stored usernames, passwords and email addresses in plain text.
That’s bad enough in itself, but then an SQL injection flaw on RockYou’s website
exposed the information to prying eyes.