adultfriendfinder hack
Massive breach due to lax security procedures?

The AdultFriendFinder Hack compromised over 400 million accounts representing 20 years of customer data

The AdultFriendFinder hack reportedly compromised a massive 412 million accounts, email addresses and passwords from its websites, dumping them on the black market.

Deleted account information breached and stolen

The massive data breach shone a light on another sensitive matter: it seems the company continued to store information on 15 million accounts even though users had deleted them. It also kept information for former assets no longer in its possession, such as Penthouse.

According to LeakedSource, the system was hacked via a Local File Inclusion exploit. Just last month a researcher said Adult Friend Finder had file inclusion vulnerabilities (CSO).

A researcher called “Revolver” known for exposing application flaws posted screenshots showing Local File Inclusion vulnerabilities on Adult Friend Finder last month. The incident marks the second time in just over a year that the internet hook-up destination has had security problems. Revolver denied he was behind the data breach, and instead blamed users of an underground Russian hacking site.

ZDNet confirmed that the SQL databases of the three largest sites included usernames, email addresses, the date of the last visit, and passwords, which were either stored in plaintext or scrambled with the SHA-1 hash function, which by modern standards is not as cryptographically secure as newer algorithms. LeakedSource said it was able to crack 99 percent of all the passwords from the databases.
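The storage weakness described above, next to a hardened form, as an added example that is not code from FriendFinder or from the reports cited here. It assumes the SHA-1 records were unsalted (the reports quoted above do not say), and the record format, function names and the 600,000-iteration work factor are illustrative choices; it also shows legacy records being upgraded at the next successful login.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune for your hardware


def legacy_sha1(password: str) -> str:
    # Weak scheme: one fast SHA-1 pass. "No salt" is an assumption here.
    return "sha1$" + hashlib.sha1(password.encode()).hexdigest()


def hash_password(password: str, salt: bytes = b"", iterations: int = PBKDF2_ITERATIONS) -> str:
    # Per-user random salt plus a deliberately slow KDF.
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify(password: str, stored: str):
    """Return (ok, upgraded_record). upgraded_record is set only when a
    legacy SHA-1 record verified and should be replaced in the database."""
    scheme, _, rest = stored.partition("$")
    if scheme == "sha1":
        ok = hmac.compare_digest(legacy_sha1(password), stored)
        return ok, (hash_password(password) if ok else None)
    if scheme == "pbkdf2_sha256":
        try:
            iters, salt_hex, _ = rest.split("$")
            candidate = hash_password(password, bytes.fromhex(salt_hex), int(iters))
        except ValueError:
            return False, None  # malformed record
        return hmac.compare_digest(candidate, stored), None
    return False, None  # plaintext or unknown scheme: require a reset


if __name__ == "__main__":
    # Constructed sample records, not data from the breach.
    db = {"alice": legacy_sha1("hunter2"), "bob": legacy_sha1("hunter2")}
    print("same legacy digest:", db["alice"] == db["bob"])
    ok, upgraded = verify("hunter2", db["alice"])
    if ok and upgraded:
        db["alice"] = upgraded  # migrate on successful login
    print(db["alice"].split("$")[0], verify("hunter2", db["alice"])[0])
```

Two users with the same password get the same legacy digest, so one recovered password exposes every account that shares it; the salted records differ per user and each guess costs the full iteration count.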

AdultFriendFinder Hack – Company Response

“Over the past several weeks, FriendFinder has received a number of reports regarding potential security vulnerabilities from a variety of sources. Immediately upon learning this information, we took several steps to review the situation and bring in the right external partners to support our investigation,” said Diana Ballou, vice president and senior counsel, in an email on Friday.

“While a number of these claims proved to be false extortion attempts, we did identify and fix a vulnerability that was related to the ability to access source code through an injection vulnerability,” she said.

“FriendFinder takes the security of its customer information seriously and will provide further updates as our investigation continues,” she added.

More Here [TechTimes] [ZDNet]
