When warning about the risks of website attacks like SQL injection and remote file inclusion, we often talk about how these breaches can reveal sensitive data. What kind of sensitive data? Well, lots of kinds, such as personal data about account holders or privileged information like internal business documents. But the kind of sensitive data often targeted in website attacks are user account credentials. In short: passwords.