FTC slaps RockYou for security snafu that exposed 32 million users


If you've ever played Zoo World, Gourmet Ranch or any RockYou game, you might want to change your passwords. But if you ever used a RockYou service before it got into the games business, you definitely want to. The U.S. Federal Trade Commission (FTC) has slapped the social game publisher with a $250,000 fine and an order for it to implement a "comprehensive data security program" after the personal information of 32 million users was exposed to hackers back in 2009.

Considering this security breach occurred years ago, it's likely only past users could have been affected. RockYou also allegedly violated the Children's Online Privacy Protection Act Rule (COPPA) after collecting the personal data of about 179,000 children.

The FTC complaint alleges that RockYou operated a website that required users' email addresses and passwords for them to use its photo-sharing and slideshow creation tools and to save their creations on the website. According to the FTC, RockYou allowed children to "create personal profiles and post personal information on slide shows that could be shared online."

According to the complaint, RockYou didn't even bother to encrypt this personal information. While the complaint refers to RockYou's time before it got into social games, it's tough not to worry about the state of security in the publisher's various games. Read the complaint in full here, and just to be safe, change all of your passwords if you ever played a RockYou game or used services like "Photos and Slideshows" or "Birthday Cards."

[Via The Inquirer]

Have you ever played a RockYou game or used its Photo and Slideshow service? What measures will you take to protect yourself? Sound off in the comments. Add Comment.