Application developer RockYou has been sued in Federal Court because of a security breach resulting in exposure of millions of email addresses and other personal information. The plaintiff is seeking class action status. Interestingly, the legal theory is based on a recklessness standard. Lawsuits like this present another good reason for publishers to outsourse functions like user login to providers such as JanRain, Facebook Connect, etc. Staying ahead of hackers is a never ending process. Storing such information can be dangerous. More from the article in MediaPost:
An Indiana resident has sued application developer RockYou for an alleged security breach that exposed 32 million users’ email addresses and passwords and social networking log-ins.
“While some security threats are unavoidable in a rapidly developing technological environment, RockYou recklessly and knowingly failed to take even the most basic steps to protect its users’ [personally
identifiable information],” the lawsuit alleges.
The lawsuit, brought on behalf of Evansville’s Alan Claridge, alleges that until Dec. 5, RockYou stored users’ information without “hashing, salting or any other common and reasonable method of data protection.”
Claridge is seeking class-action status. The complaint, filed Monday in federal district court in the northern district of California by the law firm KamberEdelson, alleges that RockYou broke its contract with users, was negligent, and also violated various California laws.
Full article from MediaPost