An attack on Oracle's MySQL B2C site at the weekend has exposed some dubious password management at the firm.
Hackers known as "TinKode" and "Ne0h" carried out the SQL injection attack - presumably aware of the irony of doing so - posting user names and password hashes from the site.
These included the passwords for the corporate blogs of former MySQL director of product management Robin Schumacher, and former vice president of community relations Kaj Arnö.
Chester Wisniewski, senior security advisor at Sophos Canada, argued that the revealed passwords said a lot about the poor security practices used at the firm.
"Most embarrassingly, the director of product management's WordPress password was set to a four-digit number ... his ATM PIN perhaps? Several accounts had passwords like 'qa'," he said.
"The irony is that they weren't compromised by means of their ridiculously simple passwords, but rather flaws in the implementation of their site."
He recommended all firms audit their public-facing sites for SQL injections, and noted that this isn't the first time MySQL has been in trouble.
"It was noted on Twitter that mysql.com is also subject to a cross-site scripting vulnerability that was reported in January 2011 and has not been remedied," he added.