Social-networking application maker RockYou Inc. suffered a database breach that allowed hackers to access username and password information on more than 30 million people, according to Computerworld.
According to a statement by RockYou posted on TechCrunch, the company says it first learned of the breach Dec. 4:
RockYou immediately brought down the site and kept it down until a security patch was in place. RockYou confirms that no application accounts on Facebook were impacted by this hack and that most of the accounts affected were for earlier applications (including slideshow, glitter text, fun notes) that are no longer formally supported by the company. RockYou has secured the site and is in the process of informing all registered users that the hack took place.
Apparently, Imperva notified RockYou of a serious SQL injection flaw in its database. RockYou did not respond to Imperva, and now a hacker has accessed 32,603,388 accounts complete with plain text passwords.
Security breaches have dominated the news recently. As we reported on our Network Security Edge site, an Internet phishing scam put the personal information of more than 600 University of California-San Francisco patients at risk. In addition, two security breaches put the personal medical information of an estimated 10,000 Detroit citizens at risk.