An attack on Oracle's MySQL B2C site at the weekend has exposed some dubious password management at the firm.
Hackers known as "TinKode" and "Ne0h" carried out the SQL injection attack - presumably aware of the irony of doing so - posting user names and password hashes from the site.
These included the passwords for the corporate blogs of former MySQL director of product management Robin Schumacher, and former vice president of community relations Kaj Arnö.
Chester Wisniewski, senior security advisor at Sophos Canada, argued that the revealed passwords said a lot about the poor security practices used at the firm.
"Most embarrassingly, the director of product management's WordPress password was set to a four-digit number ... his ATM PIN perhaps? Several accounts had passwords like 'qa'," he said.
"The irony is that they weren't compromised by means of their ridiculously simple passwords, but rather flaws in the implementation of their site."
He recommended all firms audit their public-facing sites for SQL injections, and noted that this isn't the first time MySQL has been in trouble.
"It was noted on Twitter that mysql.com is also subject to a cross-site scripting vulnerability that was reported in January 2011 and has not been remedied," he added.