RockYou Settles Case Alleging Failure to Protect User Login Information

As we wrote in January 2010, RockYou Inc., maker of certain social media applications, was sued in California for failure to protect consumers' information, including usernames and passwords. The plaintiff argued that because these combinations were usually a user's email address plus the same password that the user employed for the email account, if this information was accessed by an unauthorized third party, the consumer would be put at risk. In particular, that unauthorized third party could use the information to log into the user's email account and access potentially sensitive information within the user's email inbox. During the case, the Northern District of California noted that RockYou may have been in violation of its website terms of service because it had not encrypted email addresses and login information. This case has now settled, with RockYou agreeing to audit its security systems for the next three years, to pay named plaintiff in the class action lawsuit $2,000, and to pay plaintiff's counsel almost $300,000 in fees.

TIP: When developing a security program for your company, make sure that you consider more than just financial information or social security numbers when determining what should be encrypted or otherwise receive heightened protection. Consider as well information that, if accessed by an unauthorized third party, might put customers in jeopardy.