San Francisco, CA: RockYou, a provider of popular applications for Facebook, Myspace, and other social networking sites, is facing a potential class action over allegations that the company didn't use appropriate measures to secure customer data. RockYou makes the Slideshow app for MySpace and the Superwall app for Facebook.
According to RockYou's own website, "one or more individuals illegally breached one of our databases that contained the usernames and passwords for about 32 million users in an unencrypted format. It also included these users' email addresses." The December 4th security breach has been called catastrophic.
The allegations are that customer data was unencrypted and therefore "available to even the lease capable hacker." According to the complaint, filed this week in San Francisco, "RockYou failed to use hashing, salting or any other common and reasonable method of data protection and therefore drastically exacerbated the consequences of a hacker bypassing its outer layer of web security."
Additionally, the company allegedly did not notify customers of the December 4th breach quickly, and one week later told customers to "change their passwords for their e-mail and other online accounts if they use the same e-mail accounts and passwords for multiple online services."
The plaintiffs are seeking a court order requiring RockYou to increase its security, as well as unspecified damages.
