FTC fines RockYou $250,000 for exposing identities of 32 million gamers

By on March 28, 2012, 5:00 PM

Online social gaming outfit, RockYou, has settled with the FTC after an embarrassing security snafu in 2009 allowed hackers to reveal the accounts and passwords of more than 32 million users. The company has been fined $250,000 and is required to maintain a formal security program in order to protect user accounts.

Further aggravating officials, RockYou had also publicly fibbed about the robustness of its security and privacy policies. As a result, the FTC is also prohibiting the company from making any more deceptive claims regarding such policies in the future or it will face further penalties.

RockYou's servers were breached by a 10-year old SQL injection attack. To make matters worse, account data was left unencrypted -- yes, in plain text with no attempt to obfuscate it.

If you think that's bad, RockYou was also storing third-party user credentials from partner sites like MySpace and webmail. As a result, hackers not only had access to just RockYou accounts, but also to users' Yahoo, Gmail, AOL etc. accounts too.

Out of the 32 million compromised accounts, about 179,000 were identified as under the age of 13. The FTC determined that RockYou was well aware of underage youth engaging in its social gaming services, but the company did nothing to prevent this. Allowing children under the age of 13 to participate is a direct violation of the COPPA act, a contributing factor leading to RockYou's indictment by the FTC.

So far, the FTC's effort to enforce data privacy has led to the indictment of 36 organizations, like RockYou, who have made egregious errors in taking matters of security and privacy seriously.

User Comments: 6

Got something to say? Post a comment
ikesmasher said:

only 250k? wow.

Guest said:

think how much candy that 10 year old hacker can buy with it...

Guest said:

It wasn't a 10 year old hacker it was a 10 year old SQL Injection technique. And the hacker didn't get any money, all they got was a lot of accounts.

Trillionsin Trillionsin said:

this keeps happening... with many companies.

I'd like to know the total amount of people online who have had their information compromised and compare it to the number of people in the world, who's countries have internet access.

Guest said:

I've often wondered, where does that $250,000 go?

Does any of that go to those that were impacted?

...or did the FTC just get a windfall for their budget?

captainawesome captainawesome said:

Sounds to me like rockyou struck a bargain. The underage accounts alone should tally up more than a few mil

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.