Social Networks and Security

It’s crucial that you fully understand the software platform that you are using to host your social networking site, and never just assume it’s secure. For example, regardless of which platform you use to run your site, you need to be aware of a common security fault: user profiles stored in a database with plain text passwords.

RockYou, the social network app maker, discovered this recently when a hacker gained access to its 32 million user accounts, including unencrypted passwords and email addresses. Since many (if not most) people rely on a single password for multiple sites, having this information exposed puts its users in harm’s way.

Well-designed community platforms won’t make this rookie mistake. Most will rely on password hashing. This means running a member’s chosen password through a one-way hash function before it’s stored in your database, so only the resulting hash is kept. When they log in, the password they supply is hashed again in the same way and compared to the stored value.
This way, if someone gets access to your database, they will not be able to simply read off your members’ passwords.

Given the funding and resources RockYou had to rely on, this is a surprising mistake, and one any social networking site needs to guard against.
