The concessions include not engaging in deceptive claims regarding privacy and data security, maintaining a data security program, and not violating the Children's Online Privacy Protection Act (COPPA).
In its complaint against RockYou, the FTC alleged the company collected information from 179,000 children. Federal law bars the collection, use, or disclosure of personal information for children under 13 years old without their parent's consent. Information collected by RockYou from users who wish to use its website includes date of birth.
The FTC's action against RockYou was part of the agency's to ensure companies live up to any claims they make that they will protect consumers' data.
The FTC wasn't the only one out to punish RockYou after the massive data breach was discovered in November 2009. An Indiana man, Alan Claridge, also against the company. The case was eventually for $2000, plus legal fees, which amounted to $290,000.
The RockYou breach wasn't only significant because of its size--it was also an example of bad password practices. A used by RockYou members showed a preponderance of trivial ones: 12345, 123456, password, rockyou, and such.
Using a dictionary of the 5000 most commonly used passwords, the study found, a brute force attack could crack 1000 passwords every 17 minutes.
Follow freelance technology writer and on Twitter.