Your password practices suck
         

<p>Over the weekend, servers belonging to Gawker Media were compromised, and the usernames, email addresses and passwords for commenters on a number of popular sites (Lifehacker, Gizmodo, io9 etc) were posted. publicly. Although the passwords were encrypted, brute-forcing simple passwords once you have access to the password database is often a fairly simple task. As proof of this, spammers have already launched an Acai Berry spam run on Twitter by simply using usernames and passwords stolen from the Gawker databases to log in on Twitter. In a large number of cases, they seem to have succeeded. We can also expect spammers and phishers to start targeting the compromised email addresses shortly: I've already had email from one Web 2.0 startup "helpfully" letting me know about the Gawker fiasco: it's a judgment call whether that's good neighborliness or borderline spam.</p>
         

http://www.spamnation.info/blog/archives/2010/12/passwords-and-bad-practice.html