Friend Finder Networks, Owner of AdultFriendFinder and Other Adult Services, Has Been Hit by Massive Data Breach
It is no longer enough to focus on passwords and financial data – any level of breach can cause significant distress or financial harm to affected customers.
FriendFinder Networks, the parent company of sites such as AdultFriendFinder, Cams.com, Penthouse, and Stripshow has reportedly been hacked, revealing details of 412 million accounts.
According to leakedsource.com 99% of all available passwords are now visible in plain text.
Reports suggest the network was hacked via a local file inclusion exploit (LFI).
This was revealed by a researcher called 1 × 0123 on Twitter who is known to expose the flaws in the apps.
He posted screenshots showing LFI vulnerabilities on Adult Friend Finder.
The images show an LFI being triggered. When asked directly, 1 × 0123 confirmed that LFI was the exploited vulnerability and said it was discovered in a module on production servers used by Adult Friend Finder.
> See also: The 10 biggest data breaches and their causes
LFI vulnerabilities allow an attacker to include files located elsewhere on the server in the output of a given application.
This incident marks the second time in a little over a year that the “dating” network has encountered security problems.
Justine Cross, Regional Director of Vigilant software, commented on the latest data breach that hit the headlines: “The public has long had their patience for businesses that fail to protect their data, and friend finder networks are just the thing. latest example of how companies need to take a new stance to keep the information they care about safe. “
“It is no longer enough to focus on passwords and financial data – any level of breach can cause significant distress or financial harm to affected customers.”
“Stolen email addresses will expose victims to phishing attacks and fraud on other sites using the address, while names and other details can be used as embarrassment or blackmail.”
Secure your online presence
“We’re never out of danger of a data breach of our personal information and passwords,” said Ryan O’Leary, vice president of Threat Research at WhiteHat Security.
“As users, we have to take precautions against this. If your password for each website is unique, good job, you are one of the few people who uses a different password for each service they connect to. “
> See also: Why have enterprise data breaches reached an all time high?
“As a community of users, it is essential that we practice stronger personal security to mitigate the impact of the data breaches that will inevitably occur.”
Here are some simple tips for staying safe online:
1. Do not use the same password for all sites. If a site were to be breached, all of your accounts are effectively breached.
At the very least, use a variety of passwords to minimize the impact of a breach.
2. Enable two-factor authentication for any application that supports it.
Yes it is a pain! But it’s also one of the best ways to protect your accounts.
3. Connect only to sites that use SSL, you will know this by checking if there is an “https: //” before the rest of the URL.
4. Do not click any links or attachments in instant messages or emails. As tempting as they may sound, you really are rolling the dice with your personal safety.