One of the first of the big password theft breaches to make a public splash, RockYou suffered a 2009 breach of 32 million plaintext passwords within a wide-open database. The consequences suffered by the company could be the model for ramifications likely to hit some of the other victims noted in previous slides. RockYou had to pay a $250,000 civil penalty to the FTC for its failure to live up to its privacy policy on its site due to its inadequate security practices.