The FTC charged that, while touting its security features, RockYou failed to protect the privacy of its users, allowing hackers to access the personal information of 32 million users. The FTC also alleged in its complaint that RockYou violated the Children's Online Privacy Protection Act (COPPA) Rule in collecting information from approximately 179,000 children.
In agreeing to FTC's settlement, RockYou has been barred from future deceptive claims regarding privacy and data security, has to implement and maintain a data security program, must submit to security audits by independent third-party auditors every other year for 20 years, is barred from future violations of the COPPA Rule, is required to delete information collected from children under age 13, and must pay a $250,000 civil penalty. You can read the full 12-page complaint from the FTC here: PDF.
RockYou operated a website that allowed consumers to play games and use other applications, including one that let you create slide shows from your photos, add your own captions and music supplied by the site. To save your slide shows, you had to enter your e-mail address and password.
As a refresher, here were the top 10 passwords used by RockYou users:
If any of these resembles your password, please go change it. If you are still storing your customer data in plain text, please go encrypt it.