Ralph Lauren Kids Download Windows

iszhenyang's picture

RockYou sued over data breach

English English Espaol

Reviews Top Categories More Categories Car Tech Cell Phones Desktops Digital Cameras Home Audio Laptops Printers Tablets Televisions Forums Appliances Camcorders Cell Phone Accessories E book Readers Games Gear GPS Hard Drives Storage Headphones Home Video Internet Access Monitors MP3 Players Networking Wi Fi Peripherals Software Wearable Tech Web Hosting

You are here: News Latest News Mobile Startups Cutting Edge Internet Media Security Privacy Business Tech Crave Apple Microsoft Politics Law Tech Culture Blogs Video Photos RSS

Ralph Lauren Kids Download Windows Software Mac Software iOS Apps Android Apps The Download Blog

CNET TV Most Popular New Releases Products Tech Shows How To The Fix CNET On Cars CNET Update Googlicious Next Big Thing The 404 XCAR

How To Appliances Computers Home Theater Photography Privacy Productivity Security Smartphones Tablets Web How To Video

Deals Today's Deals Coupon Codes Marketplace Blog

Log In Join Facebook Timeline options Log In Join CNET Sign in with

Facebook Timeline options My profile Log out

An Indiana man filed a lawsuit against RockYou this week alleging that the provider of social networking apps failed to secure its network and protect customer data, enabling a hacker to grab passwords of 32 million users earlier this month. District Court in San Francisco by lawyers for Alan Claridge, of Evansville, Ind., who registered with RockYou in August 2008 to use a photo sharing application. RockYou is a publisher and developer of online apps and services like "SuperWall" on Facebook and "Slideshow" on MySpace.

Claridge said he received an e mail from RockYou on December 16 informing him that his sensitive, personally identifiable information, including e mail address and password, may have been compromised in a security breach, according to the suit. cnvnclkv

Security firm Imperva notified RockYou on December 4 that it had learned of a breach of RockYou's network from underground hacker forums. RockYou had been hit with a common type of exploit known as a SQL injection flaw that targets information stored in databases and hackers were regularly discussing the fact that the hole at RockYou was being exploited, the lawsuit said.

After being informed of the breach, RockYou admitted that customer data had been stored in an unencrypted database.

The suit claims RockYou failed to protect sensitive user data including e mail addresses, passwords, and login credentials for social networking sites like Facebook and MySpace and was negligent in storing data in plaintext.

Ralph Lauren Shirt "RockYou recklessly and knowingly failed to take even the most basic steps to protect its users' PII (personally identifiable information) by leaving the data entirely unencrypted and available for any person with a basic set of hacking skills to take the PII of at least 32 million customers," the lawsuit alleges.

"Because a majority of Internet users utilize identical passwords across a wide range of Web sites, gaining access to a user's e mail account name and password has a high likelihood of providing access to a user's personal and/or work e mail account," the suit said.

RockYou also took at least one day to take action to fix the problem, and failed to notify customers of the breach in a reasonable time frame, not posting notice on its Web site or warning customers for 10 to 12 days after it was notified, the lawsuit alleges.

Ralph Lauren Polo Shirts Wendy Zaas, a spokeswoman for Redwood City, Calif. based RockYou, provided this statement when asked for comment on the lawsuit: "RockYou is aware of the class action suit brought by Alan Claridge and plans to defend itself vigorously. The company takes its users' privacy seriously."

Ralph Lauren T Shirts The lawsuit includes nine counts including negligence, breach of contract, violation of California's Computer Crime Law, and California's Security Breach Information Act, among other allegations. It asks the court to order RockYou to protect customer data and seeks unspecified damages.


The suit was first reported by Wired. Com. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press.