In December 2009, RockYou—a social networking application site—suffered a breach of its systems that exposed the email addresses and passwords of over 32 million users.

RockYou offers online applications that run on popular social networking sites such as MySpace, Facebook, and Friendster, and has over 64 million monthly users. The hacker published all 32 million passwords on the Internet (but without the matching email username information).

What went wrong? It was later discovered that the hacker had accessed the information by exploiting a SQL injection flaw, despite RockYou having been previously warned of such vulnerabilities by a data security firm. Compounding the problem were RockYou’s poor password policies and its practice of storing password information in clear text (in other words, as unencrypted data). RockYou enforced a mere five-character minimum password length and did not require that passwords contain any numbers or symbols. Moreover, RockYou emailed users their passwords in clear text.


Categories: Technology
