Adult Friend Finder exposed
"Their [Friend Finder Networks'] infrastructure is two decades old and slightly confusing." Many of the passwords were simply in plaintext, Leaked Source writes in a blog post.
Others had been hashed: a plaintext password is processed by an algorithm to generate a cryptographic representation, which is safer to store.
Those types of vulnerabilities allow an attacker to supply input to a web application, which in the worst scenario can allow code to run on the web server, according to OWASP, the Open Web Application Security Project.
Friend Finder Networks, stung last year when its Adult Friend Finder website was breached, could not be immediately reached for reaction (see Dating Website Breach Spills Secrets).
Breach notification site first reported the attack, indicating that over 300 million Adult Friend Finder accounts were affected, as well as over 60 million accounts from
Other company holdings, such as Penthouse, Stripshow, and iCams were also breached, for a total of 412,214,295 affected users.
It could also be particularly worrisome because Leaked Source says the accounts date back 20 years, a time in the early commercial web when users were less worried about privacy issues.
The latest Friend Finder Networks breach would only be rivaled in sensitivity by the breach of Avid Life Media's Ashley Madison extramarital dating site, which exposed 36 million accounts, including customers' names, hashed passwords and partial credit card numbers (see Ashley Madison Slammed by Regulators).
In May 2015 it was revealed that 3.9 million Adult Friend Finder accounts had been stolen by a hacker nicknamed ROR[RG] (see Dating Website Breach Spills Secrets).