FTC slaps RockYou for security snafu that exposed 32 million users

![][1] If you've ever played [Zoo World][2], [Gourmet Ranch][3] or any [RockYou][4] game, you _might_ want to change your passwords. But if you ever used a RockYou service before it got into the games business, you _definitely_ want to. The U.S. Federal Trade Commission (FTC) has [slapped the social game publisher][5] with a $250,000 fine and an order for it to implement a "comprehensive data security program" after the personal information of 32 million users was exposed to hackers back in 2009.

Considering this security breach occurred years ago, it's likely only past users could have been affected. RockYou also allegedly violated the Children's Online Privacy Protection Act Rule (COPPA) after collecting the personal data of about 179,000 children.

The FTC complaint alleges that RockYou operated a website that required users' email addresses and passwords for them to use its photo-sharing and slideshow creation tools and to save their creations on the website. [According to the FTC][5], RockYou allowed children to "create personal profiles and post personal information on slide shows that could be shared online."

According to the complaint, RockYou didn't even bother to encrypt this personal information. While the complaint refers to RockYou's time before it got into social games, it's tough not to worry about the state of security in the publisher's various games. [Read the complaint in full here][6], and just to be safe, change all of your passwords if you ever played a RockYou game or used services like "Photos and Slideshows" or "Birthday Cards."

[Via [The Inquirer][7]]

**Have you ever played a RockYou game or used its Photo and Slideshow service? What measures will you take to protect yourself? Sound off in the comments. [Add Comment.][8]**

[Permalink][9] | [Email this][10] | [Linking Blogs][11] | [Comments][12]

[![][13]][14] [![][15]][16]

![][17]

[1]: http://o.aolcdn.com/dims/GAME/5/168/168/100/http://www.blogcdn.com/blog.games.com/media/2012/03/data-protection.jpg
[2]: http://blog.games.com/tag/zoo+world
[3]: http://blog.games.com/tag/gourmet+ranch
[4]: http://blog.games.com/tag/rockyou
[5]: http://ftc.gov/opa/2012/03/rockyou.shtm
[6]: http://ftc.gov/os/caselist/1023120/120327rockyoucmpt.pdf
[7]: http://www.theinquirer.net/inquirer/news/2164169/rockyou-security-blunder-exposes-million-gamers
[8]: http://blog.games.com/2012/03/28/rockyou-ftc-settle-security-breach/#disqus_thread
[9]: http://blog.games.com/2012/03/28/rockyou-ftc-settle-security-breach/ (Permanent link to this entry)
[10]: http://blog.games.com/forward/20202811/ (Send this entry to a friend via email)
[11]: http://www.technorati.com/cosmos/search.html?rank=&fc=1&url=http://blog.games.com/2012/03/28/rockyou-ftc-settle-security-breach/ (Linking Blogs)
[12]: http://blog.games.com/2012/03/28/rockyou-ftc-settle-security-breach/#comments (View reader comments on this entry)
[13]: http://feeds.feedburner.com/~ff/LarrysCorner?d=qj6IDK7rITs
[14]: http://feeds.feedburner.com/~ff/LarrysCorner?a=ozCe6xDv_uc:--5HtTtt11g:qj6IDK7rITs
[15]: http://feeds.feedburner.com/~ff/LarrysCorner?d=yIl2AUoC8zA
[16]: http://feeds.feedburner.com/~ff/LarrysCorner?a=ozCe6xDv_uc:--5HtTtt11g:yIl2AUoC8zA
[17]: http://feeds.feedburner.com/~r/LarrysCorner/~4/ozCe6xDv_uc

URL: http://feedproxy.google.com/~r/LarrysCorner/~3/ozCe6xDv_uc/
Enclosure: http://feedproxy.google.com/~r/LarrysCorner/~5/AQ12qbxwF7s/120327rockyoucmpt.pdf