RockYou, the website which provides widgets and applications for some of the major social networking sites such as Facebook, MySpace and Bebo has come under attack from hackers who have managed to retrieve more than 32 million usernames and passwords using a technique known as SQL Injection which involves inserting commands in SQL through website queries.
Security analysts advised users to change the username and password of each and every social networking account which was exposed to the services of RockYou which was formerly known as RockMySpace.
The website, which had registered millions of social networking site users, allowed them to create simple 5-character passwords that were stored in plain text in the website’s database.
The HelpNet security blog has reported that the hack was a major threat to the security and privacy of many affected users as their RockYou usernames and passwords were the same as their email accounts on Hotmail, Yahoo or Gmail.
The blog advised users to change their email account credentials. The customers who use the same username and passwords for different websites are likely to be more vulnerable to attacks than others.
RockYou issued a statement responding to a report on Tech Crunch blog which said that “RockYou has secured the site and is in the process of informing all registered users that the hack took place.”
That's pretty embarrassing, isn't it, for the 32 million or so usernames and matching passwords that have possibly been stolen. It is quite ironic that the sole purpose of the website was to create secure usernames and passwords for them. RockYou customers will need to urgently change their personal settings.