Everybody is terrible at passwords; that is nothing new. Yet if you’re working at a prominent studio like Sony, maybe you ought to pick a finer secret word than “s0ny123” or “password.”

Days after the enormous hack against Sony, a group of hackers calling themselves “GOP”(Guardian of Peace) discarded online a trove of records that seem to be from the internal computers of Sony Pictures Entertainment. The documents contain all types of data, for example, sales reports, syndication contracts, and employee salaries.

Along with the hacked trove is also a folder called, just, “passwords.” And much the same as you’d expect, inside the folder there’s a document called “passwords.doc” dated March 2, 2011, which contains what resembles a rundown of worker usernames, passwords, and even credit card numbers.

One more folder in the trove contained payroll spreadsheets, with details, for example, workers’ names, occupation titles, home addresses, and current pay rates. A portion of the spreadsheet records is ensured by a password — a decent security practice. Sadly, within the same folder, there’s also a file named “passwords” which contains the password to open the documents.

It’s still misty how the hacker got access to Sony’s computer systems, and how they found themselves able to siphon out a huge number of documents. However, judging from the utilization of frightful passwords and the act of placing passwords in folders right beside the files they are suppose to protect, Sony’s security practices may be worthy of some responsibility.

Certainly, this isn’t the first time Sony has been trapped using awful security and password rehearses. Way back in 2011, Sony was broken numerous times, hitting the organization’s Playstation Network and Sony Pictures, uncovering 37,000 client accounts. The hack uncovered that Sony was putting away those clients’ passwords in plaintext instead of encrypting them, which is currently the diligence standard.