We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

RockYou Settles Pending Charges for $250K Over Data Breach

Online social gaming site RockYou has agreed to pay $250,000 in civil penalties and make other concessions after a 2009 data breach

Social gaming website RockYou has agreed to settle pending charges against it by the U.S. Federal Trade Commission (FTC) with a $250,000 civil penalty and other concessions. RockYou was the victim of a data breach in 2009 that exposed the personal information of 32 million users to hackers.

The concessions include not engaging in deceptive claims regarding privacy and data security, maintaining a data security program, and not violating the Children's Online Privacy Protection Act (COPPA).

In its complaint against RockYou, the FTC alleged the company collected information from 179,000 children. Federal law bars the collection, use, or disclosure of personal information for children under 13 years old without their parent's consent. Information collected by RockYou from users who wish to use its website includes date of birth.

The FTC's action against RockYou was part of the agency's wider campaign to ensure companies live up to any claims they make that they will protect consumers' data.

The FTC wasn't the only one out to punish RockYou after the massive data breach was discovered in November 2009. An Indiana man, Alan Claridge, also filed a lawsuit against the company. The case was eventually settled out of court for $2000, plus legal fees, which amounted to $290,000.

The RockYou breach wasn't only significant because of its size--it was also an example of bad password practices. A study of passwords used by RockYou members showed a preponderance of trivial ones: 12345, 123456, password, rockyou, and such.

Using a dictionary of the 5000 most commonly used passwords, the study found, a brute force attack could crack 1000 passwords every 17 minutes.

Follow freelance technology writer John P. Mello Jr. and Today@PCWorld on Twitter.

IDG UK Sites

Windows 10 release date, price, features UK: Staggered release with PCs coming first this summer -...

IDG UK Sites

In defence of BlackBerrys

IDG UK Sites

Why we should reserve judgement on Apple ditching Helvetica in OS X/iOS for the Apple Watch's San...

IDG UK Sites

MacBook Pro 15in preview: better battery life, faster storage and a new discrete graphics chip may...