(update) RockYou admits security snafu exposed email login details
John Leyden reports:
Social media application developer RockYou has vowed to improve its security and apply encryption following a breach that exposed 32 million user login credentials to hackers.
Sensitive login credentials – stored in plain text – were left open to attack as a result of an SQL injection vulnerability in RockYou’s website. In a statement, RockYou said the exposed password credentials applied to widgets it develops and potentially exposed user password and email addresses. The developer said user credentials about RockYou applications on partner sites – including Facebook, MySpace, and Orkut – was not exposed by the admitted breach.
Read more on The Register.