
Lawsuit alleges corporate negligence over loss of 30 million social networking usernames and passwords

31 December 2009

A major lawsuit - stemming from a hacker attack on the RockYou social networking applications software portal - has been filed in the US.

The suit, which was filed by an Indiana man earlier this week, accuses RockYou - a developer of online social networking applications such as SuperWall on Facebook and Slideshow on MySpace - of allowing a hacker to steal usernames and passwords of over 32 million users.

As reported by Infosecurity earlier this month, Rockyou.com is not just any software site. Since its creation in 2006, it has become the hub for many social networking sites such as Bebo, Facebook and Myspace, to mention but a few.

At the time of the hack, Amichai Shulman, CTO of data security specialist Imperva, said that the bad news is that the SQL injection flaw - which caused the vulnerability - could have allowed hackers to access the 32 million entries of usernames plus passwords in the Rockyou.com database.

"And since the usernames and passwords are by default the same as the users' webmail account... this is a major lapse in security", he said.

Now, Alan Claridge is reportedly seeking class action status for a lawsuit he filed on Monday in San Francisco.

Claridge said he registered with the RockYou portal last year to use a photo sharing application, and was notified last week that his personal information was compromised, including physical and email address details, as well as credit card information.

The lawsuit accuses RockYou of failing in its responsibility to protect sensitive customer data including email addresses, passwords, and login credentials for social networking sites.

In addition, it accuses RockYou of negligence in storing sensitive data in plaintext.

The lawsuit also alleges that RockYou failed to notify customers of the data loss in a reasonable period by only posting a notice on its website 10-12 days after it was notified.

"Because a majority of internet users utilise identical passwords across a wide range of websites, gaining access to a user's email account name and password has a high likelihood of providing access to a user's personal and/or work email account", the suit notes.

Just for good measure, the lawsuit includes nine counts, including breach of contract, violation of California's Computer Crime Law, negligence, and violation of California's Security Breach Information Act, among several other allegations.

In connection with this, the suit asks the court to order RockYou to protect customer data under penalty of law, and seeks unspecified damages.

RockYou has not yet responded to the lawsuit.


Comments

John Franks says:

31 December 2009
Anyone else here reading “I.T. WARS”? I don’t mean this to get screened as spam or a commercial endorsement – the book is in my library (Fairfax Co. Public Library – DC Metro area) and you can probably read it for free. But the main point: I had to read parts of this book as part of my employee orientation at a new job. The book talks about a whole new culture as being necessary – an eCulture – for a true understanding of security, being that most identity/data breaches are due to simple human errors. I am frankly surprised that the concept of an “eCulture” is not a dominant topic of discussion. Why is there no national discussion of the crucial, and reciprocally-relying, “business-technology weave”? The book has a great chapter on security. Just Google “IT WARS” – check out a couple links down and read the interview with the author David Scott. (Full title is “I.T. WARS: Managing the Business-Technology Weave in the New Millennium”).
