32 million of them to be precise, which hackers gained access to via an SQL injection attack (sounds painful).
Unfortunately the user details were all kept in plain text, so really this is a double security cock-up.
Anyone who has used RockYou’s widgets is being advised to change their social networking site passwords as a precautionary measure.
Security experts are also advising folks to change their webmail passwords as well, as the hacked details contained email addresses.
So if your email password is the same as your social networking one – and many people duplicate their passwords unwisely – then hackers could gain access to your email account.
RockYou issued a statement to TechCrunch, indicating that it has “secured the site and is in the process of informing all registered users that the hack took place”.