The social networking website passwords of over a million users were left exposed and up for grabs after a major SQL injection flaw on the Rockyou.com site allowed login details, stored in plain text, to come out.
RockYou, the application developer for social network sites like Facebook, Bebo and MySpace, stored usernames, email addresses and passwords in plain text, and the SQL injection flaw put them within easy reach of prying eyes.
"The bad news is that the SQL injection flaw could have allowed hackers to access the 32 million entries of user names plus passwords in the Rockyou.com database... since the user names and passwords are by default the same as the user's webmail account - such as Hotmail, Yahoo or Gmail - this is a major lapse in security", said Amichai Shulman, Chief Technology Officer of data security firm Imperva.
Although it has been reported that RockYou has effectively fixed the flaw, the correction has come too late for many users, who have been exposed to the risk of spam and online scams.
It has been estimated that a total of 32 million email addresses and passwords were left exposed.











