FTC Settles With RockYou Over Breach That Exposed 32 Million E-Mail Addresses & Passwords

More than two years after a breach at RockYou — the folks behind a number of popular Facebook apps and other online games like Zoo World — exposed the personal information of 32 million users to hackers, the company has finally reached a settlement with the Federal Trade Commission.

The FTC went after RockYou following the Dec. 2009 breach because the company had misled users by touting the security of users’ information. It also charged RockYou with violating the Children’s Online Privacy Protection Act by collecting information from approximately 179,000 children.

If approved, the settlement would bar RockYou from making deceptive claims regarding privacy and data security and require the company to implement a data security program and submit to 20 years of security audits.

RockYou must also delete information collected from children under age 13 and pay a $250,000 civil penalty for its alleged COPPA violations:
* not spelling out its collection, use and disclosure policy for children’s information;
* not obtaining verifiable parental consent before collecting children’s personal information;
* not maintaining reasonable procedures, such as encryption, to protect the confidentiality, security, and integrity of personal information collected from children.