On Wednesday, the Federal Trade Commission resolved a case with Onixiz, the owners of i-Dressup, an online flash game site dedicated to dressing virtual dolls and designing clothes. According to the complaint, the website violated the Children's Online Privacy Protection Act (COPPA) and put the safety of young users' data at risk.
i-Dressup operated in a very similar way to any flash game website you remember from the 2000s. It presented timeless classics such as "Sexed-Up Style", "Floral Hats" and "Feminine Ruffle", some of which you can still play in other costume sites that have apparently broken the games and re-published them.
COPPA requires that companies that provide online services or services to children under the age of 13 maintain specific privacy standards, such as receiving parental consent and providing "reasonable" data security for their young users. The FTC complaint states that i-Dressup did not pass the compliance test on both fronts.
The data security problems were particularly pronounced. In 2016, Ars Technica reported that the site exposed passwords belonging to more than 5.5 million user accounts in plain text and a hacker was able to download millions of credentials by using an injection attack SQL, which exploited the vulnerabilities in i -The security infrastructure of Dressup, or lack of it. According to the press release, around 245,000 of those users were under the age of 13.
It was not until 2018 that the New Jersey Department of Consumer Affairs finally forced access to the network in response to the 2016 data breach. In a statement at the time, New Jersey Attorney General Gurbir S. Grewal said: "Children are extremely vulnerable on the Internet and we must do everything possible to protect them from being exploited by advertisers or tracked by Internet predators. " "It's not clear, but they certainly were not addressed in the FTC's press release this week.
In the comments of the posts on the Facebook page of the website" i-Dressup.com Dress up games for people who loves fashion ", the reactions to the removal of the website included the writing of a user," I can not open i-dressup.Its showing SQL ERROR … why? I'm scared. "Others said," This was my favorite game in the world. I can not believe it's been hacked "and" I can not play the game. "
To resolve the COPPA Violations case, the owners of i-Dressup will pay $ 35,000 in civil fines, which will go to the United States Treasury According to the FTC, the owners of i-Dressup are "prohibited from violating COPPA in the future, and can not sell, share or collect personal information until they implement a comprehensive data security program and obtain independent biennial evaluations." You will also be asked to submit annual compliance certificates to the agency in the future.
There is no news from i-Dressup about whether it will be relaunched in the future.