(update) RockYou admits security snafu exposed email login details

John Leyden reports:

Social media application developer RockYou has vowed to improve its security and apply encryption following a breach that exposed 32 million user login credentials to hackers.

Sensitive login credentials – stored in plain text – were left open to attack as a result of an SQL injection vulnerability in RockYou’s website. In a statement, RockYou said the exposed password credentials applied to widgets it develops and potentially exposed user password and email addresses. The developer said user credentials about RockYou applications on partner sites – including Facebook, MySpace, and Orkut – was not exposed by the admitted breach.

Read more on The Register.

About the author: Dissent

Comments are closed.