Yahoo! committed a security blunder of epic proportions when it stored password data on hundreds of thousands of its users without encryption. Even worse, the data leaked, and it also included information on Gmail, AOL, Hotmail, Comcast, MSN, SBC Global Verizon, BellSouth and Live.com users. D'oh. Yahoo! didn’t have 400,000 user passwords stolen as much as it gave them away, at least if reports on the subject are to be trusted The company, which could have a hard time figuring out how to make popcorn, stored the data without encryption. Despite this glaring security blunder, the company said in a statement, “At Yahoo! we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products.” Yahoo! attempted to downplay the incident by claiming the leaked information belongs to Yahoo Voices, a self-publishing service once known as Associated Content, and that less than five percent of the Voices accounts had still-valid passwords. Attention: Your security is only as good as its weakest link. The dumped account information also included account information on Gmail, AOL, Hotmail, Comcast, MSN, SBC Global, Verizon, BellSouth and Live.com users. Security researchers at Rapid7 found data on roughly 106,000 Gmail accounts, 55,000 Hotmail accounts and 25,000 AOL accounts. Here are some quotes to demonstrate just how moronic this was: “Yahoo failed fatally here. … I mean, this is Yahoo we’re talking about. With the security policies it has in place for its other sites, it should have known to at least put up a firewall to detect these kind of things.” — Anders Nilsson, security expert and chief technology officer of Scandinavian security company Eurosecure. “This isn’t supposed to happen. … [This is] an easy thing to prepare for.” — Constellation Research analyst Ray Wang “Why haven’t organizations like Yahoo got it yet? SQL injection is a known attack. If what is stated is true, it’s utter negligence to store passwords in the clear.” — Mark Bower, a vice president at Voltage Security. But Yahoo isn’t the only idiot here. According to Business Insider, the 10 most common passwords in the stolen data are as follows: 123456 password welcome ninja abc123 123456789 12345678 sunshine princes qwerty My pug could come up with better passwords in her sleep. Related content opinion Why Bitcoins are Just as Viable as Any Other Currency The true value of any currency is a reflection of how much people believe it's worth, according to CIO blogger Constantine von Hoffman. But it's wise to remember just how fast beliefs can change. By Constantine von Hoffman Apr 15, 2013 4 mins Government Technology Industry opinion No Surprise: Docs Show Obama Administration Lying About Drones President Obama has repeatedly said drones would only be used against members of al Qaida and allied groups. However, leaked intelligence documents show the administration has been using them to settle political and tribal feuds for at least four yea By Constantine von Hoffman Apr 10, 2013 3 mins Regulation Government opinion How Big Data Can Quickly Become Big Garbage The bigger the data the bigger the chance of mistakes or inaccuracies. In that vein, a large database used by retailers to screen people accused of stealing from employers is identifying innocent people and could result in major lawsuits, according t By Constantine von Hoffman Apr 04, 2013 2 mins Big Data opinion Why Crazy Trumps Logic on the Internet The earth is flat. Vaccines cause autism. 9/11 was a government conspiracy. These are just a few of the many ideas that continue to find adherents online despite overwhelming proof that they're not based on fact. CIO.com blogger Constantine von By Constantine von Hoffman Apr 02, 2013 3 mins Government Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe