From: InfoSec News (alertsinfosecnews.org)
Date: Thu Dec 31 2009 - 20:27:32 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://news.cnet.com/8301-27080_3-10423042-245.html

By Elinor Mills
InSecurity Complex
CNET News
December 30, 2009

An Indiana man filed a lawsuit against RockYou this week alleging that
the provider of social-networking apps failed to secure its network and
protect customer data, enabling a hacker to grab passwords of 32 million
users earlier this month.

The suit seeking class action status was filed Monday in U.S. District
Court in San Francisco by lawyers for Alan Claridge, of Evansville,
Ind., who registered with RockYou in August 2008 to use a photo-sharing
application. RockYou is a publisher and developer of online apps and
services like "SuperWall" on Facebook and "Slideshow" on MySpace.

Claridge said he received an e-mail from RockYou on December 16
informing him that his sensitive, personally identifiable information,
including e-mail address and password, may have been compromised in a
security breach, according to the suit.

Security firm Imperva notified RockYou on December 4 that it had learned
of a breach of RockYou's network from underground hacker forums. RockYou
had been hit with a common type of exploit known as a SQL injection flaw
that targets information stored in databases and hackers were regularly
discussing the fact that the hole at RockYou was being exploited, the
lawsuit said.

[...]

________________________________________
Did a friend send you this? From now on, be the
first to find out! Subscribe to InfoSec News
http://www.infosecnews.org

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]