Slavik Markovich, CTO of Database Security at , explained, "It is often the case that obvious database vulnerabilities--such as weak passwords and default configuration settings--are initially overlooked and never fully remediated," adding, "An organization's sensitive information can never be adequately secured if it lacks dedicated tools and processes to gain complete visibility into their databases' security weaknesses and eliminate the opportunity for the bad guys to exploit them."

That may have played a part in this security failure, but the simple fact is Yahoo has been in the Internet business long enough to know better. There's really no excuse.