As noted, poor password management trumps strong security technology every time. Any bets on how long before google *requires* strong passwords? Both are victims, both share blame. A side note about this hack is that it highlights the trust relationships (and residual risk) that business partnerships impart upon each other.