RockYou sued over data breach

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://news.cnet.com/8301-27080_3-10423042-245.html

By Elinor Mills InSecurity Complex CNET News December 30, 2009

An Indiana man filed a lawsuit against RockYou this week alleging that the 
provider of social-networking apps failed to secure its network and 
protect customer data, enabling a hacker to grab passwords of 32 million 
users earlier this month.

The suit seeking class action status was filed Monday in U.S. District 
Court in San Francisco by lawyers for Alan Claridge, of Evansville, Ind., 
who registered with RockYou in August 2008 to use a photo-sharing 
application. RockYou is a publisher and developer of online apps and 
services like "SuperWall" on Facebook and "Slideshow" on MySpace.

Claridge said he received an e-mail from RockYou on December 16 informing 
him that his sensitive, personally identifiable information, including 
e-mail address and password, may have been compromised in a security 
breach, according to the suit.

Security firm Imperva notified RockYou on December 4 that it had learned 
of a breach of RockYou's network from underground hacker forums. RockYou 
had been hit with a common type of exploit known as a SQL injection flaw 
that targets information stored in databases and hackers were regularly 
discussing the fact that the hole at RockYou was being exploited, the 
lawsuit said.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php