We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

RockYou Settles Pending Charges for $250K Over Data Breach

Online social gaming site RockYou has agreed to pay $250,000 in civil penalties and make other concessions after a 2009 data breach

Social gaming website RockYou has agreed to settle pending charges against it by the U.S. Federal Trade Commission (FTC) with a $250,000 civil penalty and other concessions. RockYou was the victim of a data breach in 2009 that exposed the personal information of 32 million users to hackers.

The concessions include not engaging in deceptive claims regarding privacy and data security, maintaining a data security program, and not violating the Children's Online Privacy Protection Act (COPPA).

In its complaint against RockYou, the FTC alleged the company collected information from 179,000 children. Federal law bars the collection, use, or disclosure of personal information for children under 13 years old without their parent's consent. Information collected by RockYou from users who wish to use its website includes date of birth.

The FTC's action against RockYou was part of the agency's wider campaign to ensure companies live up to any claims they make that they will protect consumers' data.

The FTC wasn't the only one out to punish RockYou after the massive data breach was discovered in November 2009. An Indiana man, Alan Claridge, also filed a lawsuit against the company. The case was eventually settled out of court for $2000, plus legal fees, which amounted to $290,000.

The RockYou breach wasn't only significant because of its size--it was also an example of bad password practices. A study of passwords used by RockYou members showed a preponderance of trivial ones: 12345, 123456, password, rockyou, and such.

Using a dictionary of the 5000 most commonly used passwords, the study found, a brute force attack could crack 1000 passwords every 17 minutes.

Follow freelance technology writer John P. Mello Jr. and Today@PCWorld on Twitter.

IDG UK Sites

Acer Aspire R11 review: Hands-on with the 360 laptop and tablet convertible

IDG UK Sites

Apple Watch release day: Twitter reacts

IDG UK Sites

See how Framestore created a shape-shifting, oil and metal based creature for Shell

IDG UK Sites

Apple Watch buying guide, price list & where to buy today: Which Apple Watch model, size, material,?......