Social Networking Site Settles FTC Charges

The social networking site RockYou has agreed to settle FTC charges that its security flaws allowed hackers to access the personal information of 32 million users. The FTC complaint also alleges that the company collected info from more than 100,000 kids in violation of the Children’s Online Privacy Protection Act (COPPA). RockYou will pay a $250,000 civil penalty for the alleged COPPA violations.   

What happened? To save slideshows and other content for later, RockYou users had to provide a valid email address and the password for that address; the form also requested their birth year, gender, country, and zip code. RockYou sent users a confirmation email that asked them to verify their account and change their password – but didn’t require that users enter a different password from the email password already provided.

The company stored users’ RockYou passwords in clear text, which made it easier for hackers to gain access to the information. The FTC charged that RockYou failed to defend against commonly known forms of hack attacks, which led to the data breach. Because many people use the same passwords for different accounts, hackers could have accessed other personal information, as well. 

Kids Privacy IconWhat about kids who visited RockYou? For a two-year period, RockYou accepted registrations from approximately 179,000 kids under 13. The FTC charged that RockYou knowingly collected kids’ email addresses and associated passwords during registration – without their parents’ consent – and enabled children to create personal profiles and post personal information on slideshows that could be shared online. In addition, the FTC alleged that the company’s security failures put kids’ personal information at risk.

The FTC charged that RockYou violated COPPA by:

  • not spelling out its collection, use and disclosure policy for children’s information
  • not getting verifiable parental consent before collecting children’s personal information
  • not maintaining reasonable procedures to protect the confidentiality, security, and integrity of personal information collected from children

The proposed settlement bars deceptive claims and requires RockYou to put in place a data security program that includes independent third-party security audits every other year for 20 years. It also requires RockYou to delete information collected from kids under age 13 and mandates future COPPA compliance. 

To help people stay safe, secure and responsible online, OnGuardOnline.gov offers games and activities for kids and resources for parents.

Comments

Has anyone thought that it may be time to start teaching children about the dangers of the internet, how this infornation can be used against you and that the information is there for eternity. It's basically a public forum and a clear insite to the way you think, what you do, where you live, you social activities, etc, ect, etc. I'm sure NSA loves it.

NVRPC, OnGuardOnline.gov features games and activities designed to help teach kids about the challenges of living life online. You can find them higlighted on the kids page. Additional resources also are available for parents and teachers.

have a new pc-think spouse uses moible +aother users /files photos /i amm the only user on pc. tried for weeks for info.no luck.

Bravo, seems to me, is a magnificent phrase

i thought i could get help. no luck from anyone

I am on the gov sites microsoft threw all that did not pertain too them awayy! And my issue till today I was hacked.. By these anops they took over i did the new you name my name!! I reported all over no one cared! LEONOR Arango

Hi I have no clue what network I am FTC want to know.
w3wsa, not my network. You answered for disabled person. All laws do not apply with out due process. I am paying lots, for being hacked FB not reporting. I am not being treated with any dignity. Now instead of sending link after link and skins, I am still at it. Really send appeal, i do not if my name on blogs, post, It was not me.

It is very difficult to protect children who are now more computer literate than their parents from hackers, accessing adult materials, playing video games and adult films on the Internet. Parents and teachers have a vital role to play in minimising exposure to Internet scams and abuse. Co-operation with the FTC in their efforts to stem the tides of abuse exposure to all the attendant dangers created by Internet activities is important and essential in eliminating this Internet cancer.

Leave a Comment

Commenting Policy

Read Our Privacy Act Statement

It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.