Yahoo is the latest victim of online hackers, having 400,000 plus accounts and their passwords stolen and posted online.

Apparently the company was asking for trouble by storing the information in plain text on their servers. Usually, if a company takes security seriously, they will encrypt password information of their users on their own servers so they can’t be read even if breached. Not the case this time.

The group responsible for the hacking said they posted the info online just to show Yahoo how poor their security is. Um, thanks?

Here’s Yahoo’s official statement:

At Yahoo! we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products. We confirm that an older file from Yahoo! Contributor Network (previously Associated Content) containing approximately 400,000 Yahoo! and other company users names and passwords was stolen yesterday, July 11. Of these, less than 5% of the Yahoo! accounts had valid passwords. We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised. We apologize to affected users. We encourage users to change their passwords on a regular basis and also familiarize themselves with our online safety tips at security.yahoo.com.

Read more at Engadget.