Slashdot Mirror


FTC Fines RockYou $250,000 For Storing User Data In Plain Text

An anonymous reader writes "You probably don't remember the RockYou fiasco as it happened in late 2009. In case you don't, social game developer RockYou suffered a serious SQL injection flaw on its flagship website. Worse, the company was storing user details in plain text. As a result, tens of millions of login details, including those belonging to minors, were stolen and published online. Now, RockYou has finally settled with the Federal Trade Commission."

5 of 127 comments

  1. They fined RockYou like a hurricane! by Anonymous Coward · Score: 0, Funny

    A category 3. Could have been worse.

    1. Re:They fined RockYou like a hurricane! by mcl630 · Score: 2, Funny

      We will
      We will
      Rock You!

      We will
      We will
      Fine You!

  2. Reasons to store in plaintext by Spy+Handler · Score: 4, Funny

    * Some users like to be reminded of their password if they forget. If you lost your password, what kind of email would you rather get?

    "Your password has been reset, and your new password is dFgk3b&4k72"

    or,

    "Your password is iloveyou123"

    * You might decide to fire up phpmyadmin and browse the `users` table for fun one day.

    * If you're going to hash the passwords, you should salt them too, and that just introduces too much complexity and things to screw up. Keep it simple!

    * Your boss doesn't know what a hash is, why should you?

    1. Re:Reasons to store in plaintext by truedfx · Score: 4, Funny

      What's most wrong with that is the suggestion that one might use phpmyadmin for fun.

  3. This isn't fair... by Metricmouse · Score: 4, Funny

    RockYou did the best they could by using double ROT13 encryption of these files. So sad to see them get fined.