Category: Security

Chinese Search Engine Suit Proceeds Against Register.com

A federal court will permit Baidu, Inc., a leading Chinese search engine company, to sue Register.com for gross negligence, recklessness, and breach of contract.

The lawsuit arose after a hacker took over Baidu’s Register.com account and interrupted its service for two days in January 2010. Among other things, the hacker redirected Baidu’s users to the Web site of the Iranian Cyber Army. Baidu claimed the hacker wrested control of Baidu’s account as a result of errors made by Register.com’s tech support Internet “chat” staff. According to the complaint: “Although the Intruder gave the Rep an incorrect response to [a] security question, the Rep nonetheless proceeded with processing the Intruder’s request to change Baidu’s email address; [and] [w]hen the Intruder sent the Rep a bogus security code, the Rep did not notice that it was the wrong code, apparently because the Rep didn’t even bother to check it against the original security code.” The Intruder then allegedly changed the password and hacked into Baidu’s account. Baidu claimed injury to its reputation and business totaling “millions” of dollars.

$12MM Fine for Failure to Follow Privacy Policy

The FTC has consistently brought enforcement proceedings against companies that do not follow their own privacy policies (see examples here, here, and here). In the most recent example of this trend, the FTC has settled charges that an Arizona company called LifeLock Inc. had made false promises about the extent of its data security measures. You can read the settlement agreement here.

LifeLock casts itself as the “industry leader in the rapidly growing field of identity theft protection” providing its customers with “early notification of identity threats” (fraud alerts). The company advertised in print and on radio, television, and the Web. While marketing the service, the company collected personally identifiable information for more than one million customers. The FTC complaint alleged, among other things, that the service did not prevent identity theft, as advertised.

Do You Use SSL On Your Site?

If you are a provider of sensitive Web-based services, do you send all data exclusively using the Secure Sockets Layer (SSL) protocol? The Electronic Frontier Foundation, citing a March 17th FTC “roundtable” speech by Commissioner Pamela Jones Harbour, reports that SSL is now on the FTC’s agenda. While the largest Web services (Yahoo!, Facebook) will give a lot of thought to Commissioner Jones’ comments, we believe all providers of cloud-based services that trade in sensitive information should give their users the option of using SSL (or, better yet, default to SSL). Not only does this demonstrate a commitment to protecting sensitive information about customers, it also helps minimize online fraud and data theft.
