Skip to main content

RockYou Reaches Settlement With FTC Over Exposing User Information

Social gaming site RockYou has reached a settlement with the Federal Trade Commission after a data breach that took place in 2009.

According to CNET, hackers managed to infiltrate RockYou's database and gain unlawful access to personal information belonging to over 32 million of the site's users - with the FTC alleging that RockYou also violated the Children's Online Privacy Protection Act Rule (COPPA Rule) through the collation of data such as the birthdays of approximately 179,000 youngsters.

RockYou is to pay a civil penalty of $250,000, submit to regular audits as well as enforce a data security programme.

"The FTC alleged that RockYou knowingly collected approximately 179,000 children's email addresses and associated passwords during registration - without their parents' consent - and enabled children to create personal profiles and post personal information on slide shows that could be shared online," states the FTC.

"The company asked for kids' date of birth, and so accepted registrations from kids under 13."

CEO of RockYou, Lisa Marino, referred to the settlement as 'fair'.

"We appreciate the work the FTC has done in this process as they have been fair, reasonable and timely throughout," she said. "The events that led to this complaint occurred over two years ago and we have long since removed the features that led to this investigation. The focus of our business has evolved - we no longer operate applications such as those included in the complaint."

The FTC to date has taken legal action against approximately 36 businesses for failing to protect consumer information despite claims made by the companies to offer safety measures concerning personal data.