January 21, 2009

Is RockYou Trying to Commit Startup Suicide?

By Mona Nomura of Pixel Bits (FriendFeed/Twitter)

RockYou, the popular Social Media widget platform, has won awards. They've also raised more than $50 million in funding. They may have outstanding applications and widgets, but the company seems like it's trying to commit start-up suicide - by e-mail. If e-mail etiquette faux-pas were a crime, they would have a life sentence, as RockYou has leaked private information not once, twice, but three times - yesterday's being the most recent example. Yesterday, RockYou forgot to BCC recipients, again, and blasted an e-mail exposing everybody's address in the CC field.


(e-mail addresses and source blurred out for privacy reasons)

At least this time, RockYou only disclosed e-mail addresses. Last November, RockYou's accounting department sent a mass e-mail requesting W-8/W-9 information to a mailing group address.


It sounds harmless, but according to my source, people were replying to the mailing list with private information. One company even attached a scanned copy of their W-9. RockYou took immediate steps to rectify their mistake by sending another e-mail, asking the recipients to instead fax their private information.


Two major errors even after they were reamed for their first error. RockYou's first major offense happened on September 16, 2008, when they sent an e-mail announcement of the site redesign -- revealing 200+ e-mail addresses. (full e-mail too long to display here, but can be viewed here, here, and here) Apparently, the recipients were added to third party spam distribution lists which caused a bit of frustration. So much so, a Facebook group: "RockYou Leaked Mailing List Support Group" was spawned from RockYou's mistake. How and why they continue repeating the same mistakes is beyond me. Especially since the second mistake could have lead to severe consequences because their ad-partners were replying to the mailing list with tax information. But oddly, the company continues to get raves from the Facebook fan base, despite the issues.

After the first major screw-up, AllFacebook's Nick O'Neill published a blog post and Tweeted:


But where is the post on AllFacebook?

404 - hmmm.

Odd. A quick Google search led me to an archived copy here and the AllFacebook blog post was copied and pasted on the Facebook group's wall. An excerpt:
"How large this slipup is has yet to be determined since I haven’t had time to parse through the hundreds of emails that were displayed. One thing is for sure: Aaron Choi will probably be jobless starting tomorrow."
AllFacebook published the article and immediately took it down - bizarre. Either which way, it is irresponsible and careless for a company to keep repeating the same mistake. Especially after cluttering the recipient's inbox with follow-up apology e-mails.

So even if e-mail etiquette may be a lame subject, faux-pauxs still occur.
Don't forget to BCC, folks!

Michael Arrington of TechCrunch also caught yesterday's slip here: RockYou Continues To Combine Spam With Stupidity

(Thank you, D!!)
Read more by Mona Nomura at Pixel Bits