Tianya: the Chinese password hack that just keeps on giving

Back in December 2011, reports were circulating regarding a data breach at one of the big Chinese social networking sites, Tianya.cn that suggested the login credentials of some 40 million users were potentially exposed. Clear text usernames and password combinations were stolen by hackers during the breach, although a Tianya spokesperson at the time said that only those users who registered before November 2009 would have had clear text logins as after that the service had implemented encryption (!) - quite why the existing membership data could not have been encrypted at this point is, frankly, beyond me. Word on the webvine at the time was that unencrypted data was not secured or deleted when the servers and systems were upgraded, and the Tianya administrators had to shoulder that failure. While the 40 million figure bandied around at the time seemed huge, later reporting suggested it wasn't that bad; 'only' 4 million users ended up having their usernames and passwords published online by the hackers for everyone to see.