nav search

FTC, RockYou settle after 32 MILLION passwords pillaged

We will, we will, fine you

By Kelly Fiveash, 28 Mar 2012

An online gaming biz has been left with a $250,000 bill in a settlement with the US government over a hack that exposed 32 million email addresses and passwords.

The Federal Trade Commission said that RockYou had agreed to settle charges that it failed to protect the privacy of its customers despite "touting" its security features to users.

RockYou, which stored unencrypted sensitive data at the time of the major security breach in late 2009, was also accused of violating online privacy rules relating to the protection of children, aka COPPA, by collecting personal information from about 179,000 kids aged under 13.

"The proposed FTC settlement order with the company bars future deceptive claims by the company regarding privacy and data security, requires it to implement and maintain a data security program, bars future violations of the COPPA Rule, and requires it to pay a $250,000 civil penalty to settle the COPPA charges," said the commission.

RockYou develops social gaming titles that include Zoo World and Gourmet Ranch. Hackers mounted SQL injection attacks in December 2009 that exploited a gaping hole in the outfit's website. ®