Adult friend finder leak
"It's clear the company has majorly flawed security postures, and given the sensitivity of the data the company holds this cannot be tolerated."
A group that collects stolen data claims to have obtained 412 million accounts belonging to Friend Finder Networks, the California-based company that runs thousands of adult-themed sites in what it describes as a "thriving sex community." LeakedSource.com, a service that obtains data leaks through shady underground circles, believes the data is legitimate.
CSOonline reported that someone had posted screenshots on Twitter showing a local file inclusion vulnerability in Adult Friend Finder.
Those types of vulnerabilities allow an attacker to supply input to a web application that controls which local file is included, which in the worst scenario can allow code to run on the web server, according to OWASP, the Open Web Application Security Project.
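The vulnerability class named above is easiest to see side by side with its fix. The following is an added example, not code from the article or from Friend Finder Networks: a page-include routine in the vulnerable form (user input joined straight into a filesystem path) next to a hardened form that allowlists the template name and then confirms the resolved path still sits under the template directory. The base directory, template names and the traversal input are constructed for the demonstration.

```python
import os
from pathlib import Path
from typing import Optional

# Constructed allowlist of templates the page is allowed to include.
ALLOWED_TEMPLATES = {"home", "profile", "search"}


def include_path_unsafe(base_dir: str, page: str) -> str:
    # Vulnerable pattern: the user-controlled 'page' value is joined into a
    # filesystem path as-is, so "../" sequences walk out of base_dir.
    return os.path.join(base_dir, page + ".html")


def include_path_safe(base_dir: str, page: str) -> Optional[str]:
    # Hardened pattern, two layers:
    #  1. allowlist the logical name, so only known templates are reachable;
    #  2. resolve the final path and require it to stay under base_dir
    #     (defence in depth against symlinks or encoding tricks).
    if page not in ALLOWED_TEMPLATES:
        return None
    base = Path(base_dir).resolve()
    candidate = (base / f"{page}.html").resolve()
    if base not in candidate.parents:
        return None
    return str(candidate)


def escapes_base(base_dir: str, path: str) -> bool:
    # Audit helper: does the resolved path leave base_dir?
    base = Path(base_dir).resolve()
    return base not in Path(path).resolve().parents


if __name__ == "__main__":
    base = "/var/www/templates"          # constructed
    traversal = "../../../private/config"  # constructed traversal input
    print("unsafe resolves to:", include_path_unsafe(base, traversal))
    print("escapes base dir:", escapes_base(base, include_path_unsafe(base, traversal)))
    print("safe rejects it:", include_path_safe(base, traversal))
    print("safe accepts profile:", include_path_safe(base, "profile"))
```

The allowlist alone is already sufficient here; the containment check is the belt-and-braces control that also catches cases where a name on the allowlist later turns into a symlink pointing elsewhere.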
Still, those passwords were hashed using SHA-1, which is considered unsafe.
Friend Finder Networks, stung last year when its Adult Friend Finder website was breached, could not be immediately reached for reaction (see Dating Website Breach Spills Secrets).
Troy Hunt, an Australian data breach expert who runs the Have I Been Pwned data breach notification site, says that at first glance some of the data appears legitimate, but it's still early to make a call. "I'd need to see a complete data set to make an emphatic call on it." If the data is accurate, it would mark one of the largest data breaches of the year behind Yahoo, which in October blamed state-sponsored hackers for compromising at least 500 million accounts in late 2014 (see Massive Yahoo Data Breach Shatters Records).
Today's computers can rapidly guess hashes that may match the real passwords.
Leaked Source says it has cracked most of the SHA-1 hashes. It is the second major leak of private user information in less than two years, and it even contains details of DELETED accounts over the seedy service's 20-year history, Leaked Source has claimed. Sister porn sites Penthouse, Stripshow and iCams have also been skimmed of user data in what cyber security specialists have said is a hack that "raises serious alarm bells." "We didn't split any data ourselves, that's how it came to us," the Leaked Source representative writes.
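The article's two points about the password storage, that SHA-1 is considered unsafe for this purpose and that modern hardware can guess such hashes rapidly, come down to the hash being fast and unsalted. The following added example (not code from the article or from any of the companies named) shows the consequence a defender can check for directly: with bare SHA-1, every user who chose the same password ends up with the same digest, so one guess unlocks the whole group. It then shows the standard replacement, salted PBKDF2-HMAC-SHA256 with a high iteration count, where equal passwords no longer share a record. The user names and passwords are constructed sample data, not anything from the leak.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional

# Constructed sample accounts; two of them reuse the same password.
SAMPLE_USERS = {"alice": "summer2016", "bob": "summer2016", "carol": "hunter2"}


def sha1_unsalted(password: str) -> str:
    # The scheme the article describes: a single fast SHA-1 over the password,
    # no salt, so the digest is a pure function of the password text.
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def find_shared_hashes(hash_by_user: Dict[str, str]) -> Dict[str, List[str]]:
    # Audit check over a table of unsalted hashes: any digest that appears
    # more than once marks a group of accounts sharing one password.
    groups: Dict[str, List[str]] = {}
    for user, digest in hash_by_user.items():
        groups.setdefault(digest, []).append(user)
    return {d: sorted(u) for d, u in groups.items() if len(u) > 1}


# Iteration count for PBKDF2-HMAC-SHA256; a deliberately slow work factor.
PBKDF2_ITERATIONS = 600_000


def pbkdf2_store(password: str, salt: Optional[bytes] = None) -> str:
    # Hardened storage: per-user random salt plus a slow key derivation.
    # Record format (assumed, for this example): algo$iterations$salt$hash.
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def pbkdf2_verify(password: str, record: str) -> bool:
    # Recompute with the stored salt and iteration count; compare in constant time.
    algo, iterations, salt_hex, dk_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    legacy = {u: sha1_unsalted(p) for u, p in SAMPLE_USERS.items()}
    print("accounts sharing a SHA-1 digest:", find_shared_hashes(legacy))
    modern = {u: pbkdf2_store(p) for u, p in SAMPLE_USERS.items()}
    print("alice and bob records differ under PBKDF2:", modern["alice"] != modern["bob"])
    print("verify alice:", pbkdf2_verify("summer2016", modern["alice"]))
```

The `find_shared_hashes` check is the kind of thing worth running over your own credential table: a non-empty result is direct evidence that hashes are unsalted and that the table is exposed to precomputed-dictionary lookups of exactly the sort the article says Leaked Source applied.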