The post explains that no passwords to outside services were implicated in the breach. So this is just as amateur a mistake as it sounds - storing their own passwords in plaintext for no reason at all.
Not true. This press release may say that, but earlier accounts disagree:
"This matter now appears worse than originally suspected as the dataset also contains a table where RockYou have stored user credentials for social networks and other partner sites."
Also, consider RockYou's initial statement, in which they would only say that no Facebook accounts were compromised:
"RockYou confirms that no application accounts on Facebook were impacted by this hack and that most of the accounts affected were for earlier applications (including slideshow, glitter text, fun notes) that are no longer formally supported by the company."
But you're right about them storing the internal passwords in clear text, which I did not know. That is absurdly dumb.
