"If what is stated is true, it's utter negligence to store passwords in the clear," said Mark Bower, a data protection expert at Voltage Security, in an email Thursday. "This breach just goes to show that even big companies aren't taking enough steps to protect critical data."

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at , on or subscribe to . His email address is .

See .

in Computerworld's Cybercrime and Hacking Topic Center.