App Developer RockYou Sued For Exposing Users' Information To Hackers

An Indiana resident has sued application developer RockYou for an alleged security breach that exposed 32 million users' email addresses and passwords and social networking log-ins.

"While some security threats are unavoidable in a rapidly developing technological environment, RockYou recklessly and knowingly failed to take even the most basic steps to protect its users' [personally identifiable information]," the lawsuit alleges.

The lawsuit, brought on behalf of Evansville's Alan Claridge, alleges that until Dec. 5, RockYou stored users' information without "hashing, salting or any other common and reasonable method of data protection."

Claridge is seeking class-action status. The complaint, filed Monday in federal district court in the northern district of California by the law firm KamberEdelson, alleges that RockYou broke its contract with users, was negligent, and also violated various California laws.

Claridge, who used a RockYou photo-sharing application, alleges that the company's failure to protect log-ins compromises virtually all information stored in the cloud -- including data at online retail sites and payment services. "Because a majority of internet users utilize identical passwords across a wide range of websites, gaining access to a user's email account name and password has a high likelihood of providing access to a user's personal and/or work email account," the lawsuit asserts.

The security firm Imperva informed RockYou about the potential security threat on Dec. 4, and RockYou instituted new measures after that date, according to the lawsuit. But before then, at least one hacker, "igigi," allegedly accessed a database with 32 million usernames and passwords.

Claridge is asking the court to order RockYou to protect data "in accordance with industry standards" and to award monetary damages.

A RockYou representative said in a statement: "RockYou is aware of the class action suit brought by Alan Claridge and plans to defend itself vigorously. The company takes its users' privacy seriously."

Next story loading loading..