Hyperguarding your Web Applications

Some Rocky Times for RockYou

Posted by hyperguard on January 13, 2010

SQL injections are one of the biggest problems in web application security—we’ve seen it with Heartland, 7-Eleven and Hannaford Brothers, and now RockYou.  These attacks are widely known and publicized; however, it still takes companies, who have experienced attacks, 67 days to resolve these issues!

Early December, RockYou, provider of third-party apps for Facebook, MySpace and other social-networking, suffered a data breach that exposed nearly 32 million RockYou users’ e-mails and passwords.  This information had been stored in plain text and was vulnerable through a SQL security hole.  Now, Alan Claridge, an affected user, filed for a proposed class action lawsuit on December 28 for failing to properly secure his data, allowing hacker ‘igigi’ to gain access to it and failing to promptly notify him about it.

Although, we are not certain of the exact technology being used by RockYou, but if a dWAF was being used it could have prevented this hack and saved the company from this disaster.  More importantly, RockYou could have protected its’ customers’ PII (personal identifiable information).  Because a dWAF is flexible it allows patches to be applied with minimal disruption to the network—quite helpful for situations like these.

Moving forward RockYou will be further investigating the breach, reviewing its security protocols and implementing new practices:

  • Encrypting all passwords
  • Upgrading the legacy platform with the same infrastructure and industry standard security protocols we employ on our partner applications platforms
  • Reviewing our current data security features and ensuring that they meet industry standards and best practices

To read more background on the RockYou breach check out SC Magazine’s article.

Follow this discussion on Twitter @hyperguard


One Response to “Some Rocky Times for RockYou”

  1. […] Some Rocky Times for RockYou […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: