AdultFriendFinder hack dumps dirty data on black market

Written on November 15, 2016 in Guest Blog
Vladimir Gjorgiev / Shutterstock.com

The AdultFriendFinder hack reportedly compromised 412 million accounts, representing 20 years of customer data. Email addresses and passwords from the company's websites were dumped on the black market.

Deleted account information breached and stolen

The massive data breach shed light on another sensitive matter: the company appears to have continued storing information on 15 million accounts even though users had deleted them. It also kept information for former assets no longer in its possession, such as Penthouse.

According to LeakedSource, the system was hacked via a Local File Inclusion exploit. Just last month a researcher said Adult Friend Finder was vulnerable to file inclusion attacks (CSO).

A researcher called “Revolver”, known for exposing application flaws, posted screenshots showing Local File Inclusion vulnerabilities on Adult Friend Finder last month. The incident marks the second time in just over a year that the internet hook-up destination has had security problems. Revolver denied he was behind the data breach, and instead blamed users of an underground Russian hacking site.

ZDNet confirmed that the SQL databases of the three largest sites included usernames, email addresses, the date of the last visit, and passwords. The passwords were either stored in plaintext or scrambled with the SHA-1 hash function, which by modern standards is not as cryptographically secure as newer algorithms. LeakedSource said it was able to crack 99 percent of all the passwords from the databases.
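To illustrate the storage weakness described above, here is an added example (not code from the article or from FriendFinder) that puts unsalted SHA-1 beside a salted, slow key-derivation function, and shows how legacy SHA-1 rows can be upgraded at rest. The function names, the record layout and the PBKDF2 iteration count are assumptions made for this sketch.

```python
import hashlib, hmac, os
from collections import Counter

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor; tune per hardware

def legacy_sha1(password: str) -> str:
    """Weak scheme of the kind the article describes: unsalted SHA-1, hex."""
    return hashlib.sha1(password.encode()).hexdigest()

def _stretch(secret: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS)

def new_record(password: str) -> dict:
    """Hardened storage: random per-user salt plus a slow KDF."""
    salt = os.urandom(16)
    return {"scheme": "pbkdf2", "salt": salt, "hash": _stretch(password.encode(), salt)}

def wrap_legacy(sha1_hex: str) -> dict:
    """Upgrade a stored SHA-1 value at rest, without knowing the password."""
    salt = os.urandom(16)
    return {"scheme": "pbkdf2-sha1", "salt": salt, "hash": _stretch(sha1_hex.encode(), salt)}

def verify(password: str, rec: dict) -> bool:
    if rec["scheme"] == "pbkdf2":
        secret = password.encode()
    elif rec["scheme"] == "pbkdf2-sha1":
        secret = legacy_sha1(password).encode()
    else:
        return False  # plaintext or bare SHA-1 rows must be migrated, not accepted
    return hmac.compare_digest(_stretch(secret, rec["salt"]), rec["hash"])

def shared_hash_accounts(stored_hashes) -> int:
    """Count accounts whose stored hash is shared with at least one other account."""
    counts = Counter(stored_hashes)
    return sum(n for n in counts.values() if n > 1)

if __name__ == "__main__":
    # Constructed sample data: three users, two with the same password.
    users = {"alice": "Summer2016", "bob": "Summer2016", "carol": "x9!Lq#72vT"}
    weak = [legacy_sha1(p) for p in users.values()]
    strong = [new_record(p)["hash"] for p in users.values()]
    print("accounts sharing a hash, unsalted SHA-1:", shared_hash_accounts(weak))
    print("accounts sharing a hash, salted PBKDF2: ", shared_hash_accounts(strong))
    upgraded = wrap_legacy(weak[0])
    print("alice logs in against upgraded row:", verify("Summer2016", upgraded))
```

Wrapping protects SHA-1 rows immediately; plaintext rows can be passed through `new_record` directly, and wrapped rows can be replaced with a plain `pbkdf2` record at each user's next successful login.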

AdultFriendFinder Hack – Company Response

“Over the past several weeks, FriendFinder has received a number of reports regarding potential security vulnerabilities from a variety of sources. Immediately upon learning this information, we took several steps to review the situation and bring in the right external partners to support our investigation,” said Diana Ballou, vice president and senior counsel, in an email on Friday.

“While a number of these claims proved to be false extortion attempts, we did identify and fix a vulnerability that was related to the ability to access source code through an injection vulnerability,” she said.

“FriendFinder takes the security of its customer information seriously and will provide further updates as our investigation continues,” she added.

More on TechTimes and ZDNet.

This article was first published on CyberSec.Buzz


About the Author

Jonathon has been lurking around the Telecoms and Internet space for the last 20 years. He is now a man on a mission – that being the reformation of the Industry Analyst business. He is working with his co-conspirators on transforming the Industry Analyst world forever as an Expert with EMI.
