An online games developer was fined $250,000 by the United States' Federal Trade Commission for failing to secure the data of its users, a computer security firm reported.
Rockyou was found to have left its users' data in plain text when its flagship website Rockyou.com suffered a serious SQL injection flaw in 2009, Sophos said.
"What made it cringe-worthy is that they left user details in plain text... A whopping 32 million login details, including those of minors, were stolen and published on the web," Sophos said.
Yet, Sophos said the fine may only be the equivalent of a light public wrist slap.
It added Rockyou CEO Lisa Marino appeared "pleased" with the outcome.
She was quoted as saying RockYou is pleased to reach a settlement and gratified to put this matter behind it.
Sophos said the incident may have left a lesson to companies that collect user information - safeguard it well, so if someone breaks in, they cannot access the data.
More importantly, it said every single computer user should choose good passwords, noting the top 10 passwords that RockYou users had chosen:
123456 12345 123456789 Password iloveyou princess rockyou 1234567 12345678 abc123
"Please choose much better ones than these passwords for your own online accounts," it said. — TJD, GMA News