Rockyou Hack

As Imperva warned RockYou that they have serious SQL injection flaw, someone already hacked all 32 million user’s passwords. In exact amount, 32,603,388 user’s account password has been hacked. The guy (maybe guys) who hacked those accounts already sent sample with email address they got through RockYou database. Lucky they deleted password in sample. RockYou has been cheating to users. They saved user’s passwords in just simple plain text without protection.

The guy who hacked accuont warned RockYou not to cheat their users or he/she/they will publish all 32,603,388 user’s account password in internet. The company  replied to this news saying

On December 4, RockYou’s IT team was alerted that the user database on RockYou.com had been compromised, potentially revealing some personal identification data for approximately 30M registered users on RockYou.com. RockYou immediately brought down the site and kept it down until a security patch was in place. RockYou confirms that no application accounts on Facebook were impacted by this hack and that most of the accounts affected were for earlier applications (including slideshow, glitter text, fun notes) that are no longer formally supported by the company. RockYou has secured the site and is in the process of informing all registered users that the hack took place

And even they sent mail to their users saying

Dear RockYou user,

As you know, RockYou takes our users privacy very seriously.  We take

a lot of effort to protect user data from security breaches and attacks.

Unfortunately, RockYou has very recently learned that it encountered a security breach.  As part of this breach, it is possible that someone may have accessed at least your email address and password for the RockYou system.  We felt it was important to notify you of this immediately so that you could take any action you feel necessary to protect your privacy.

If you have any questions, please feel free to contact security@rockyou.com.  We are sorry for any problems this has caused you.

The RockYou team

This isn’t enough yet. RockYou has some more stupidity in past also. I would like to post that here once.

They mailed to all advertisers (total 450) for their new website RockyouAds. But they pasted everyone’s email Id in CC field which let everyone to know each other’s email address. This caused a lots of mail forwarding. Because of this, one of the executive staff apologized but this happened once more.

Once more was not enough for them, so they again did same mistake but this time this was little bit more. They sent mail to all their advertisers once again saying that they would deliver 600 million impressions each day. But it was cc’d once more and annoyed their advertisers again. It was nearly to spam message.