i-Dressup, where you can dress up virtual dolls and design clothes underwent a data beach in 2016. Now, Onixiz- the owners of i-Dressup have settled the data breach with the Federal Trade Commission. The online flash game website for dressing up had apparently violated the Children’s Online Privacy Protection Act (COPPA) and put the children’s data security at risk.
According to COPPA, websites or online services that are specifically made for kids under the age 13 require to maintain certain standards- including data cybersecurity and parental consent. The Federal Trade Commission had complained that i-Dressup didn’t actually test for compliance for both these requirements.
When it comes to data protection, i-Dressup lacked particularly. There were plenty of reports that showed how the site was exposing nearly 5.5 million user’s passwords. The passwords were available in plain text and were easily accessible for a hacker, who could download it with a SQL injection attack. Millions of credentials were hacked and breached as the security infrastructure at i-Dressup was vulnerable.
It’s a serious issue because i-Dressup has nearly 245,000 users under the age of 13. Last year, the website was forced to go offline by the Department of Consumer Affairs, New Jersey. Now, finally settling the case, i-Dressup is paying $35,000 in civil penalties. The FTC has “prohibited (i-Dressup) from violating COPPA in the future, and can’t sell, share, or collect any personal information until they implement a comprehensive data security program and get independent biennial assessments.”