4 Comments

Summary:

Following RockYou allowing 32 million users’ e-mails and passwords that had been stored in plain text to be accessed by at least one hacker through a SQL security hole, one such user has filed a proposed class action lawsuit.

Earlier this month at least one hacker accessed 32 million RockYou users’ e-mails and passwords that had been stored in plain text and vulnerable through aSQL security hole, even after a security firm had warned the social application maker and ad network of the issue. Now one of those users is trying to get the startup to pay the price, filing a proposed class action lawsuit on Dec. 28 in U.S. District Court in Northern California.

RockYou member Alan Claridge accuses the company of failing to properly secure his data, allowing hacker “igigi” to gain access to it, and failing to promptly notify him about it. The lawsuit’s complaints (full text embedded below) include unlawful, unfair and fraudulent business practices, violation of consumer protection legislation, and negligence.

None of this is new information; RockYou has admitted to the security issues publicly. However, a spokesperson told Wired.com’s Threat Level that the company “plans to defend itself vigorously” and that it “takes its users’ privacy seriously.”

The lawsuit asks that RockYou be ordered to protect its users’ data as well as for yet-to-be-determined damages.

RockYou has raised $119 million from Softbank, Sequoia Capital, Partech International, Lightspeed Venture Partners and DCM. This is not the company’s first time in court; it had previously settled a lawsuit brought by its founders’ former employer over a similar project the two had been working on before they left.

Startups, for goodness sakes be careful with your users’ data!

Proposed class action lawsuit against RockYou

  1. Man, they are dead meat and will have to pay real money to settle this thing. After admitting publicly they will have little chance to defend themselves. Maybe we’ll end up with one less widget company?

    Share
  2. [...] sa celý prípad prieniku snažila utajiť, zavádzala svojich užívateľov, čoho výsledkom je žaloba. Tá bola podaná na spoločnosť za neschopnosť ochrániť dáta užívateľov a taktiež to, že [...]

    Share
  3. [...] with an estimated 32 million usernames and passwords through an aSQL security hole. Now they are being sued, ostensibly for not protecting their user’s data. The lawsuit could go class action, and at [...]

    Share
  4. [...] sa celý prípad prieniku snažila utajiť, zavádzala svojich užívateľov, čoho výsledkom je žaloba. Tá bola podaná na spoločnosť za neschopnosť ochrániť dáta užívateľov a taktiež to, že [...]

    Share

Comments have been disabled for this post