RockYou settles with FTC over security flaw charges

Social developer RockYou has settled with the Federal Trade Commission over charges it failed to protect user privacy.

According to the FTC, although RockYou touted the strength of its site’s security, security flaws allowed hackers to access the personal information of 32 million users. The FTC also brought charges against RockYou for violating the Children’s Online Privacy Protection Act Rule (COPPA Rule) by collecting personal information from roughly 179,000 children — many of whom were younger than 13 years old — without their parents’ consent.

The settlement bars RockYou from violating the COPPA Rule in the future and requires the company to create and maintain a data security program and to pay a $250,000 civil penalty. Additionally, RockYou will delete all information previously collected from users younger than 13 years old and submit to security audits by independent auditors every other year for 20 years.

When we contacted RockYou about the settlement, CEO Lisa Marino responded with the following statement:

RockYou is pleased to reach a settlement and gratified to put this matter behind us. We appreciate the work the FTC has done in this process as they have been fair, reasonable and timely throughout. The events that led to this complaint occurred over two years ago and we have long since removed the features that led to this investigation. The focus of our business has evolved – we no longer operate applications such as those included in the complaint, and we are in full compliance with Facebook’s policies. 

The settlement continues RockYou’s efforts to turn itself around after a troubled year and a half. The developer laid off over half of its workforce in November 2011. At the time, Marino told Inside Social Games, “we made a lot of mistakes in the last 12 months,” but also stated the company was expecting to be profitable for the first time this year.