The Inquirer-Home

Rockyou security blunder exposed data on 32 million gamers

US FTC wades in
Wed Mar 28 2012, 10:22

SOCIAL GAMING OUTFIT Rockyou has agreed to implement a "comprehensive data security programme" and cough up a $250,000 fine to the US Federal Trade Commission (FTC).

The FTC revealed that after it issued a complaint against Rockyou the gaming web site operator agreed to settle charges that, despite promoting its internal security measures, it failed to protect the privacy of its users. This allowed hackers to access the personal details of 32 million users, including almost 200,000 children.

The FTC also alleged in its complaint that the gaming developer violated the Children's Online Privacy Protection Act Rule (COPPA Rule) by collecting information from children. The COPPA Rule requires that webs site operators notify parents and obtain their consent before they collect, use or disclose personal information from children under 13. It also requires that web site operators post a privacy policy that is clear, understandable and complete.

It alleged that Rockyou "knowingly collected" approximately 179,000 childrens' email addresses and associated passwords during registration without their parents' consent and enabled children to create personal profiles and post personal information on slide shows that could be shared online.

The company also asked for childrens' dates of birth, and so must have knowingly accepted registrations from children under 13. In addition, the company's security failures put users' including childrens' personal information at risk, according to the FTC.

The trade regulator said its proposed settlement order bars deceptive claims regarding privacy and data security and requires Rockyou to implement a data security programme and submit to security audits by independent third-party auditors every other year for 20 years. It also requires Rockyou to delete information collected from children under age 13 and bars further COPPA violations.

The FTC said its complaint against Rockyou is part of its ongoing effort to make sure that companies live up to the privacy promises they make to consumers, and that childrens' information isn't collected or shared online without their parents' consent. µ

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Dead electronic devices to be banned on US-bound flights

Will the new rules banning uncharged devices be effective?