On Wednesday, the Federal Trade Commission resolved the case of Onixiz, owner of i-Dressup, an online flash game website that dresses up virtual dollies and designs clothes. Complaints state that websites violate the Children's Online Privacy Protection Act (COPPA), jeopardizing the data security of youth users.
i-Dressup is very similar to all flash game websites you remember since the early 2000s. "Sexed-Up Style", "Floral Hats" and "Feminine Ruffle". Some of them can still play on other dress up sites that have been torn and re-posted.
COPPA requires that companies providing online services or targeting children under 13 maintain parental consent and certain privacy standards, such as providing "reasonable" data security. FTC for young users Complaints claim that i-Dressup did not test compliance on both sides.
Data security issues are particularly noticeable. 2016 Ars Technica reported that this site exposed passwords that are in plain text and belong to more than 5.5 million user accounts and that hackers can use SQL injection attacks to download millions of credentials. -Dressup's security infrastructure or lack thereof. According to the press release, approximately 245,000 users were under the age of 13.
In response to a data breach incident in 2016, the website was finally forced offline by the New Jersey Consumer Protection Agency. . "Children are very vulnerable on the Internet and we need to take every possible action to prevent an advertiser from exploiting or tracking Internet predators," New Jersey Attorney General Gurbir S. Grewal said. But apparently it was not mentioned in the FTC press release this week.
On the Facebook page of the website "i-Dressup.com" response to the game dress for fashion lovers "deletion of the website" I can not open I-dressup.Its. "I was surprised." Others said, "This was my favorite game in the world, I did not realize that I was hacked." And "I can not play games."
Fixed the case for COPPA. , The owner of the i-Dressup will pay US $ 35,000 for civil penalties, which will be forwarded to the US Treasury Department. According to the FTC, owners of the i-Dressup said, "We are prohibited from violating COPPA in the future and can not sell, share or collect personal information until we implement a comprehensive data security program and receive an independent evaluation every two years. "
No word on whether i-Dressup will restart in the future