Bad Password Security at Twitter
Twitter fell to a dictionary attack because the site allowed unlimited failed login attempts:
Cracking the site was easy, because Twitter allowed an unlimited number of rapid-fire log-in attempts.
Coding Horror has more, but—come on, people—this is basic stuff.
EDITED TO ADD (1/14): Twitter responds.