RockYou admits security snafu exposed email login details
Social media application developer RockYou has vowed to improve its security and apply encryption following a breach that exposed 32 million user login credentials to hackers. Sensitive login credentials - stored in plain text - were left open to attack as a result of an SQL injection vulnerability in RockYou's website. In a …
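The two failures the article names, a query built from untrusted input and credentials kept in plaintext, are both fixable with a few lines of code. The following is an added illustration written for this page, not code from The Register or from RockYou: it builds a constructed in-memory SQLite user table, places a string-concatenated lookup beside a parameterized one, and stores each password as a salted PBKDF2-HMAC-SHA256 hash rather than plaintext (or reversible encryption, which would not help once the key is on the same compromised server). The table layout, the sample accounts and the iteration count are assumptions made for the demonstration.

```python
import hashlib
import hmac
import os
import sqlite3

# Assumed work factor for PBKDF2; tune upward as hardware allows.
PBKDF2_ITERATIONS = 200_000


def hash_password(password, salt=None):
    """Return (salt, digest). A per-user random salt plus a slow KDF means a
    leaked table does not hand over reusable passwords the way plaintext does."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def make_db():
    """Constructed sample user table (not a real schema or real accounts)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    for email, password in [("alice@example.com", "correct horse"),
                            ("bob@example.com", "hunter2")]:
        salt, digest = hash_password(password)
        conn.execute("INSERT INTO users VALUES (?, ?, ?)", (email, salt, digest))
    conn.commit()
    return conn


def lookup_user_vulnerable(conn, email):
    """The flaw class from the article: the value is spliced into the SQL text,
    so anything the caller supplies is parsed as SQL rather than as data."""
    query = "SELECT email, salt, pw_hash FROM users WHERE email = '" + email + "'"
    return conn.execute(query).fetchall()


def lookup_user_safe(conn, email):
    """Parameterized query: the driver passes the value out-of-band, so it can
    only ever match (or fail to match) a column value."""
    return conn.execute(
        "SELECT email, salt, pw_hash FROM users WHERE email = ?", (email,)
    ).fetchall()


def verify_login(conn, email, password):
    """Look the user up safely, re-derive the hash with the stored salt, and
    compare in constant time."""
    rows = lookup_user_safe(conn, email)
    if len(rows) != 1:
        return False
    _, salt, stored = rows[0]
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)


def regression_check(conn):
    """Defensive unit test: the classic tautology input must match no account
    through the parameterized path, while the concatenated path shows why
    the original code leaked the whole table."""
    probe = "' OR '1'='1"
    return {
        "vulnerable_rows": len(lookup_user_vulnerable(conn, probe)),
        "safe_rows": len(lookup_user_safe(conn, probe)),
    }


if __name__ == "__main__":
    db = make_db()
    print(regression_check(db))            # {'vulnerable_rows': 2, 'safe_rows': 0}
    print(verify_login(db, "alice@example.com", "correct horse"))  # True
    print(verify_login(db, "alice@example.com", "hunter2"))        # False
```

Keep the `regression_check` style test in the build: it turns "we strive to keep them secure" into something a CI job can actually fail on.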
All well and good...
...but you're still gonna get SUED! At least they should be.
Why do companies secure their sensitive data only AFTER it is revealed to all and sundry? There are responsibilities to uphold when storing such data, and keeping it anywhere in plaintext (even/especially only on 'legacy' systems) is clear negligence.
Well, DUH!
There has never been an excuse for storing passwords in plain text. Doing that and saying security is one of their priorities is right up there with, "Your call is very important to us; please continue to hold..."
Don't worry, these same geniuses are now learning about SQL injection attacks and may devise a defense some day.
A pretty half-hearted admission IMO ...
>"Our users' privacy and data security have always been a priority for RockYou and we strive to keep them secure."
... because this bit just isn't true. You didn't "strive", in fact you didn't try, you didn't bother, you didn't lift a finger to "keep them secure". So we should assume that this statement represents empty marketing spin rather than brutal soul-bearing honesty. And therefore we should not "have confidence" that you will "continue to ensure" anything at all; we should have confidence that as soon as the problem is forgotten and last week's news, you will revert to type and stop taking security seriously. Because right now it's still a lower priority to you than marketing.
Weasel words
"Our users' privacy and data security have always been a priority for RockYou and we strive to keep them secure."
The letter "a" is the word that leaps out at me there. "a" priority, not our top priority, or an important one, just "a" priority. It's probably just below getting as many usernames and their associated data as possible.
Same old same old
"Our users' privacy and data security have always been a priority for RockYou and we strive to keep them secure."
This has been proven to be untrue though, hasn't it? If it was true, this wouldn't have happened.
Hypocrites... or just plain stupid
"Our users' privacy and data security have always been a priority for RockYou and we strive to keep them secure" ...
Yet they stored passwords in plain text format. There is absolutely NO excuse for that if you "strive to keep them secure". The sad thing is I'm sure there are many other big sites that do the same thing, but the end user would never know about it until something like this happens. I guess too many people think, "Hey, they're smart enough to create this amazing web site functionality, so they MUST know what they are doing!"
To echo others
"Our users' privacy and data security have always been a priority for RockYou"
No they haven't. Clearly RockYou has no one on staff with the specific task of vetting security details. Or if they do, that person is either incompetent, or has been overruled by ignorant pointy-haired bosses or the professional liars on staff.
Fucking liars!
¿Why do corporations (and government, it seems) invariably resort to lies and spin instead of saying "We seriously fucked up and the director responsible for this fiasco has been dumped. We are going to send everyone affected £10, plus we will make good any financial losses that may ensue."?
Don't they realize that when platitudes such as that quoted appear, no thinking person pays the slightest attention. Gaseous feel-good messages no longer cut it, guys.
Been trying to figure out..
.. how it's possible I've never heard of a site that supposedly has 32M users - what's the deal? For emos or something?
SQL injection?
Jesus Christ. Must have been programmed by goats.
So that is where my SHIT spam comes from!!!
I should have known!!!
Paris..... because they are so dumb like her,