Skip to content

Facebook App Maker (RockYou) Hit With Data-Breach Class Action

December 31, 2009

What is interesting about this story is not so much the SQL injection vulnerability that permitted this data breach, but rather the total disregard for the custodial care and privacy of user data by RockYou.

“RockYou, the popular provider of third-party apps for Facebook, MySpace and other social-networking services, is being hit with a proposed class-action accusing the company of having such poor data security that at least one hacker got away with 32 million e-mails and their passwords.”

It appears RockYou did not provide even a basic level of underlying security for this data:

“RockYou failed to use hashing, salting or any other common and reasonable method of data protection and therefore drastically exacerbated the consequences of a hacker bypassing its outer layer of web security,” according to the Monday complaint in San Francisco federal court.

Article here

One Comment leave one →
  1. January 26, 2010 10:37 am

    I see, do you remember a few months back when facebook changed their privacy settings so that the default choice was ‘everyone’? I think facebook simply did that to increase the number of pages visible in search engines and to all their users. I think they did this simply for money, because they knew that if more people saw more pages, they would make more money off of the advertisments. And they made this choice without caring for their users current privacy settings. But hey, what can you expect. Facebook is a corporation, and corporations make money.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: