Fashion game forced offline by US watchdog following 2016 hack

A teen social website which fell victim to a hack in 2016 has been forced offline after it improperly collected the data of children aged under 13.

Online game i-Dressup – a fashion-focused social media site – exposed the details of more than 2 million users when an unknown person hacked into the website using an SQL injection attack.

The hacker downloaded the passwords of the 2.2 million individuals – all of which were stored in plaintext.

Other personal information available included names, dates of birth, email addresses, and genders.

Yesterday, it was reported that US investigators found that California-based parent company Unixiz improperly collected details on users under the age of 13.

State watchdogs ruled that the company did not obtain verifiable parental consent, despite knowing some users were children – which is in violation of the Children’s Online Privacy Protection Act.

The website was subsequently shut down, confirmed Paul Rodriguez, acting director of the US Division of Consumer Affairs.

He added: “As a result of our investigation, Unixiz agreed to shut down the i-Dressup website and to reform its practices to comply with all laws protecting the privacy of children and others online.”

Lawyers for Unixiz claimed that it “worked diligently to comply with its legal obligations and protect its users’ information”.

Unixiz was fined £34,000 and was made to sign a consent agreement which, if broken within two years, will cost them a further $64,618 in penalties.