Lawsuit alleges corporate negligence over loss of 30 million social networking usernames and passwords

31 December 2009

A major lawsuit - stemming from a hacker attack on the RockYou social networking applications software portal - has been filed in the US.

The suit, which was filed by an Indiana man earlier this week, accuses RockYou - a developer of online social networking applications such as SuperWall on Facebook and Slideshow on MySpace - of allowing a hacker to steal usernames and passwords of over 32 million users.

As reported by Infosecurity earlier this month, Rockyou.com is not just any software site. Since its creation in 2006, it has become the hub for many social networking sites such as Bebo, Facebook and Myspace, to mention but a few.

At the time of the hack, Amichai Shulman, CTO of data security specialist Imperva, said that the bad news is that the SQL injection flaw - which caused the vulnerability - could have allowed hackers to access the 32 million entries of usernames plus passwords in the Rockyou.com database.

"And since the usernames and passwords are by default the same as the users' webmail account... this is a major lapse in security", he said.

Back in the present, Alan Claridge is reportedly seeking class action status for a lawsuit he filed on Monday in San Francisco.

Claridge said he registered with the RockYou portal last year to use a photo sharing application, and was notified last week that his personal information had been compromised, including physical and email address details, as well as credit card information.

The lawsuit accuses RockYou of failing in its responsibility to protect sensitive customer data including email addresses, passwords, and login credentials for social networking sites.

In addition, it accuses RockYou of negligence in storing sensitive data in plaintext.

The lawsuit also alleges that RockYou failed to notify customers of the data loss in a reasonable period by only posting a notice on its website 10-12 days after it was notified.

"Because a majority of internet users utilise identical passwords across a wide range of websites, gaining access to a user's email account name and password has a high likelihood of providing access to a user's personal and/or work email account", the suit notes.

Just for good measure, the lawsuit includes nine counts, including breach of contract, negligence, and violation of California's Computer Crime Law and California's Security Breach Information Act, among several other allegations.

In connection with this, the suit asks the court to order RockYou to protect customer data under penalty of law and seeks unspecified damages.

RockYou has not yet responded to the lawsuit.

 


Comments

John Franks says:

31 December 2009
Anyone else here reading “I.T. WARS”? I don’t mean this to get screened as spam or a commercial endorsement – the book is in my library (Fairfax Co. Public Library – DC Metro area) and you can probably read it for free. But the main point: I had to read parts of this book as part of my employee orientation at a new job. The book talks about a whole new culture as being necessary – an eCulture – for a true understanding of security, being that most identity/data breaches are due to simple human errors. I am frankly surprised that the concept of an “eCulture” is not a dominant topic of discussion. Why is there no national discussion of the crucial, and reciprocally-relying, “business-technology weave”? The book has a great chapter on security. Just Google “IT WARS” – check out a couple links down and read the interview with the author David Scott. (Full title is “I.T. WARS: Managing the Business-Technology Weave in the New Millennium”).
