BreachExchange mailing list archives
follow-up: RockYou to pay FTC $250K after breach of 32M passwords
From: security curmudgeon <jericho () attrition org>
Date: Tue, 27 Mar 2012 20:18:57 -0500 (CDT)
http://www.scmagazine.com/rockyou-to-pay-ftc-250k-after-breach-of-32m-passwords/article/233992/

RockYou to pay FTC $250K after breach of 32M passwords
Dan Kaplan
March 27, 2012

RockYou, a company that makes games and other applications for use on social networking sites, must pay $250,000 following a settlement with the Federal Trade Commission over a massive 2009 breach.

The FTC had accused the Redwood City, Calif. firm of failing to protect the privacy of its users after a SQL vulnerability was detected, which gave hackers access to 32 million usernames and passwords stored in clear text. At least one intruder admitted to exploiting the vulnerability, and the weakness was openly discussed in hacking forums.

In addition, the FTC alleged that RockYou violated the Children's Online Privacy Protection Act Rule, which addresses websites collecting the personal information of children under 13. RockYou was charged with failing to provide a clear policy of its information handling practices, obtain parental consent prior to collecting the information, and failing to protect it.

In fact, according to the FTC complaint (PDF), RockYou's privacy policy at the time said it "does not knowingly collect or maintain" any data about children under 13.

[..]

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/