Serious Data Breach Leads to Class-Action Suit Against Facebook App Developer
You may have noticed the name RockYou on some popular apps found on leading social networking sites Facebook and MySpace. The Redwood City-based company was founded in 2006 and currently ranks among the world's top social networking app developers. However, paying tribute to RockYou's precious contribution to the social web is not the subject of this story.
The developer is in the news for (almost) opprobrious reasons: a new class-action suit accuses it of abjectly failing at the task of protecting millions of user accounts from “even the least capable hacker.” According to the suit, a hacker managed to get past RockYou's flimsy security - sensitive information was reportedly stored in plain text - using a SQL injection flaw. The hacker, identified only by his sobriquet “igigi,” pilfered the emails and passwords of 32 million RockYou users, who weren't even informed of the breach that occurred on December 4. The lawyer heading the class-action, Michael Aschenbrener, termed the breach “catastrophic” during a telephone interview with Wired.
The app developer has vowed to defend itself “vigorously” and dismissed allegations that user privacy does not figure on its list of priorities. But a spokesperson for the company refused to comment any further on the allegations during an interview with Wired.
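The two failures the suit describes, passwords stored in clear text and a query that lets user input become SQL, side by side with the hardened form. This is an added Python example, not RockYou's code; the table layout, the sample account and the `users_plain` table kept for contrast are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import sqlite3

def build_db():
    # Constructed in-memory stand-in for an app's user store (example data only).
    db = sqlite3.connect(":memory:")
    # Cleartext table: the storage pattern the article says RockYou used.
    db.execute("CREATE TABLE users_plain (email TEXT PRIMARY KEY, password TEXT)")
    # Hardened table: per-user random salt plus a slow salted hash instead of the password.
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return db

def hash_password(password, salt, iterations=100_000):
    # PBKDF2-HMAC-SHA256: a stolen table yields salted hashes, not reusable passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)

def register(db, email, password):
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)", (email, salt, hash_password(password, salt)))
    db.execute("INSERT INTO users_plain VALUES (?, ?)", (email, password))  # kept only for contrast
    db.commit()

def login_vulnerable(db, email, password):
    # Query text assembled from untrusted input: a quote in `email` changes the SQL itself.
    sql = "SELECT email FROM users_plain WHERE email = '%s' AND password = '%s'" % (email, password)
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def login_hardened(db, email, password):
    # Parameterized query: the driver binds `email` as a value, never as SQL text.
    row = db.execute("SELECT salt, pw_hash FROM users WHERE email = ?", (email,)).fetchone()
    if row is None:
        return None
    salt, stored = row
    # Constant-time compare of the recomputed hash against the stored one.
    return email if hmac.compare_digest(hash_password(password, salt), stored) else None

def input_alters_sql(db, email):
    # Defender's check: does this input change the structure of the vulnerable query?
    try:
        login_vulnerable(db, email, "x")
    except sqlite3.OperationalError:
        return True  # the quote terminated the string literal and broke the statement
    return False
```

An ordinary address containing an apostrophe is enough to show the difference: the concatenated query breaks on it, while the parameterized query simply finds no such user.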

Image Credit: Gawker
Comments
domih2009
December 31, 2009 at 1:32pm
...you expect it to have 4 tires, a wheel drive, an engine, brakes and the usual accommodations. If the transmission breaks after 50K miles, you expect a free replacement.
The issue here is that there are no regulations about the minimum security a web site must implement. In addition web sites do not offer any warranty (other than a user license that usually offers no warranty in terms of use). So lawyers can have a field trip on this case.
This being said, RTFA, you have to be pretty dumb to store passwords in clear, not handling SQL injections and so on. This is web security 101.
According to the article, there is actual damage because, I quote: <<...More than a week after the breach, the company recommended that its customers “change their passwords for their e-mail and other online accounts if they use the same e-mail accounts and passwords for multiple online services...>> Given the legal limbo, I am sure the lawyers will spend a lot of time valuing the damage.
Meanwhile, the best for the rest of us is simple: do not use Facebook (a.k.a Ur Privacy R Us).
somethingelse
December 31, 2009 at 9:24am
Going after Facebook itself is dumb enough, but fine, they're making a killing and they are the most popular social network, so let's let that slide. But going after Facebook app developers???
A lot of the Facebook apps are written by high school and college students who are in some cases writing a Facebook app as a first project. Most of these kids have no clue about security and coding best practices (yet) when it comes to coding; they are doing this for fun and not for profit! They are not concerned about stuff like SQL injection and XSS vulnerabilities or encrypting the data when they are just experimenting. It's up to Facebook to check if the apps they approve have serious security flaws and whether they should allow it to go public on their site.
And, as already said so many times by so many others, it's the user's decision to use these apps; there are no guarantees anywhere that their information is confidential; once it's on the internet, it's out there. So leave Facebook alone, leave the app developers alone, half of which are probably not even in their 20s yet, and piss off with your class action lawsuits already. If this bs keeps up, no one will want to be a programmer anymore.
what signature, where do i sign?