Back in late 2009, RockYou, an online games developer, suffered a serious SQL injection flaw on its flagship website.
What made it cringe-worthy is that they left user details in plain text.
A whopping 32 million login details, including those of minors, were stolen and published on the web.
They have just been fined $250,000 USD by the Federal Trade Commission (FTC) for being too careless with customer data. According to Crunchbase, that amounts to an estimated 0.2% of their valuation.
Let’s be honest, the fine isn’t going to make a noticeable dent in their financial armour. Seems to me the equivalent of a light public wrist slap. One cannot help but wonder how much it cost the FTC to gather the information required to issue the fine…
RockYou CEO Lisa Marino seems rather pleased with the outcome. In SC Magazine, she is quoted as saying:
“RockYou is pleased to reach a settlement and gratified to put this matter behind us. We appreciate the work the FTC has done in this process as they have been fair, reasonable and timely throughout.”
But since the breach, RockYou hasn’t been exactly sailing on smooth waters. It faced two rounds of “restructuring” where employees were laid off. TechCrunch also reported that its main competitor, Slide, was bought by Google for the tidy sum of $228M USD in October 2010.
So, what can the rest of us learn from all this?
One, if you collect user information, for the love of all that is good in the world, safeguard it well, so that if someone does break in, they cannot access the data.
Here are the top 10 passwords that RockYou users had chosen:
Please choose much better ones than these passwords for your own online accounts.