Two years after massive data breach, NJ AG weighs in

Lipstick Traces

We’d like to give you some background on i-Dressup.com, but the site no longer exists.

The Facebook page for i-Dressup (“Dress up games for people who love fashion”) features countless images, generally cartoons of young women and their outfits labeled by category (“little orange dresses,” “Summer BBQ Party Outfits,” “Girl Equestrian”). Perhaps i-Dressup.com featured an online version of old-school paper dolls; perhaps the games were more complex.

What we can be sure about are the players who were left behind when the site went down. They had some strong feelings about the disappearance of their former hangout:

I-dressup is gone.I still can't believe it. I lost all my friends forever! :(

I miss I dress up sooooo much. I miss my virtual room,clothes,fashion avenue and especially contests.������������contests were the best part of I dressup. I will miss buying rare stuff too .I had six bunny dolls, they were so cute��������

will we be able to play ever again?? ive been on this game since i was 9 ;_;

Typographical errors and emojis appear in the original, we swear.

Breaches

What happened to i-Dressup? According to technology news site Ars Technica, the site suffered a major data breach in September 2016. A person claiming to be the hacker told the publication that the site had taken about three weeks to breach but had yielded 2.2 million account credentials with the potential to leak even more. Ars Technica verified that the user IDs, which had been uploaded to the web, were real.

It’s unclear when, exactly, the site shut down. But one saddened former community member posted a missive on the i-Dressup Facebook page that indicated the site had been shuttered since October 2016.

The latest chapter in this dramatic, impeccably decked-out saga closed in early August 2018, with a consent order issued by New Jersey Attorney General Gurbir S. Grewal.

According to the order, i-Dressup was owned and operated by Unixiz Inc., a California-based company. In the wake of the breach, the Garden State launched an investigation into Unixiz and claims to have discovered violations of the Children’s Online Privacy Protection Act (COPPA) and the New Jersey Consumer Fraud Act.

The violations related to a lack of safeguards for the stolen user information, but also for the improper collection of children’s personal information and failure to obtain parental consent. The investigators claimed that Unixiz had actual knowledge that many of its users were under 13 years old.

The Takeaway

In the consent order, Unixiz promised to shut down the (already-closed) i-Dressup site and reform its data collection and storage policies to bring them in line “with all laws protecting the privacy of children and others online.” It was also hit with more than $98,000 in fines.

It’s not clear if Unixiz is running any additional children’s sites where these changes will make a difference; but if they do launch new services in the future, a quick glance at their own Facebook page might clue them in to the age of their users:

I want i-dressup back. I've been on this game since I was 8..aww.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.