(WEB HOST INDUSTRY REVIEW) — Following a breach at the beginning of the month that exposed 32 million user login credentials to hackers, social media app developer RockYou (www.rockyou.com) has made a commitment to improving its security and apply encryption.
According to The Register and other news outlets, unencrypted user information was open to scammers due to an SQL injection vulnerability in RockYou’s website. RockYou explained in a statement that the exposed data applied to widgets in development, and potentially exposed user password and email addresses.
“[O]ne or more individuals illegally breached one of our databases that contained the usernames and passwords for about 32 million users in an unencrypted format,” the company stated. “It also included these users’ email addresses.”
RockYou noted, however, that log-in information for applications on partner sites such as Facebook, MySpace, and Orkut were not exposed.
RockYou was first alerted to the the breach on December 4, and it promptly closed the site to fix the problem, according to the company’s statement.
The company recommends that its users change their passwords for their email and other online accounts if they use the same login information for multiple online services.
To stop this from happening again, RockYou is applying security improvements that include encrypting all passwords and upgrading its legacy platform to one that offers the same security protocols used by its partner application platforms.
No related posts.
