FTC Fines RockYou $250,000 For Storing User Data In Plain Text 127
An anonymous reader writes "You probably don't remember the RockYou fiasco as it happened in late 2009. In case you don't, social game developer RockYou suffered a serious SQL injection flaw on its flagship website. Worse, the company was storing user details in plain text. As a result, tens of millions of login details, including those belonging to minors, were stolen and published online. Now, RockYou has finally settled with the Federal Trade Commission."
They fined RockYou like a hurricane! (Score:0, Funny)
Re:They fined RockYou like a hurricane! (Score:2, Funny)
We will
We will
Rock You!
We will
We will
Fine You!
Reasons to store in plaintext (Score:5, Funny)
* Some users like to be reminded of their password if they forget. If you lost your password, what kind of email would you rather get?
"Your password has been reset, and your new password is dFgk3b&4k72"
or,
"Your password is iloveyou123"
* You might decide to fire up phpmyadmin and browse the `users` table for fun one day.
* If you're going to hash the passwords, you should salt it too, and that just introduces too much complexity and things to screw up. Keep it simple!
* Your boss doesn't know what a hash is, why should you?
Re:Reasons to store in plaintext (Score:5, Funny)
This isn't fair... (Score:4, Funny)