A new lawsuit filed in the US claims that a hacker was able to steal the personal information of over 32 million social networking users after exploiting flaws in the security of software produced by the development firm RockYou.
RockYou is behind popular applications used on both Facebook and MySpace and since its creation 4 years ago it has become a major force involved in many of the biggest social networking sites, including Bebo.
The RockYou data vaults hold the personal information and profile passwords of many millions of people from around the globe and a hack which exploited an SQL injection vulnerability could have given the attackers the chance to steal all of this data for their own use, according to the plaintiffs in the suit.
It has been alleged that the breach is particularly severe because the personal data could also be used to access other online accounts held by the same users, including webmail services, which could have serious consequences.
The lawsuit has been filed by Alan Claridge, who allegedly had his data stolen after he used a RockYou photo sharing application online. Mr Claridge claims that his credit card details are amongst the compromised information which has been taken from his online accounts and the notification of the loss was only received by him last week.
Mr Claridge believes that RockYou has neglected its responsibility to ensure the security and integrity of the personal data relating to its many customers. It is also accused of exercising less than adequate care when storing data in unencrypted formats.
The final issue raised in the lawsuit is the disparity between the date upon which RockYou was made aware of the hack and the two week period during which it allegedly chose to conceal this fact from its customers.
At this time RockYou has not commented on the legal action which has been brought against it, but whatever the outcome of the case it is likely to have a significant impact on social networking websites and their customers on a global scale.
