Earlier this month at least one hacker accessed 32 million RockYou users’ e-mails and passwords that had been stored in plain text and vulnerable through aSQL security hole, even after a security firm had warned the social application maker and ad network of the issue. Now one of those users is trying to get the startup to pay the price, filing a proposed class action lawsuit on Dec. 28 in U.S. District Court in Northern California.
RockYou member Alan Claridge accuses the company of failing to properly secure his data, allowing hacker “igigi” to gain access to it, and failing to promptly notify him about it. The lawsuit’s complaints (full text embedded below) include unlawful, unfair and fraudulent business practices, violation of consumer protection legislation, and negligence.
None of this is new information; RockYou has admitted to the security issues publicly. However, a spokesperson told Wired.com’s Threat Level that the company “plans to defend itself vigorously” and that it “takes its users’ privacy seriously.”
The lawsuit asks that RockYou be ordered to protect its users’ data as well as for yet-to-be-determined damages.
RockYou has raised $119 million from Softbank, Sequoia Capital, Partech International, Lightspeed Venture Partners and DCM. This is not the company’s first time in court; it had previously settled a lawsuit brought by its founders’ former employer over a similar project the two had been working on before they left.
Startups, for goodness sakes be careful with your users’ data!