AdultFriendFinder Hack Exposes 412 Million User Accounts
LeakedSource claims it has obtained over 400 one thousand thousand stolen user accounts from the adult dating and pornography site visitor Friend Finder Networks, Inc. Hackers attacked the company in October, resulting in one of the largest data breaches always recorded.
AdultFriendFinder hacked - over 400 million users' data exposed
The hack of adult dating and entertainment company has exposed more than than 412 one thousand thousand accounts. The breach includes 339 1000000 accounts from AdultFriendFinder.com, which sports itself as the "world'due south largest sex and swinger community." Similar to Ashley Madison drama in 2022, the hack likewise leaked over xv one thousand thousand supposedly deleted accounts that weren't purged from the databases.
The set on exposed email addresses, passwords, browser information, IP addresses, appointment of final visits, and membership status across sites run by the Friend Finder Networks. FriendFinder hack is the biggest breach in terms of number of users since the leak of 359 million MySpace users accounts. The information appears to come from at least 6 different websites operated past Friend Finder Networks and its subsidiaries.
Over 62 meg accounts are from Cams.com, most 2.5 million from Stripshow.com and iCams.com, over 7.1 million from Penthouse.com, and 35,000 accounts from an unidentified domain. Penthouse was sold earlier in the year to Penthouse Global Media, Inc. Information technology is unclear why Friend Finder Networks notwithstanding has the database even though it shouldn't be operating the belongings information technology has already sold.
Biggest problem? Passwords! Yep, "123456" doesn't help you lot
Friend Finder Networks was plain following the worst security measures - even after an earlier hack. Many of the passwords leaked in the alienation are in clear text. The rest were converted to lowercase and stored equally SHA1 hashes, which are easier to fissure too. "Passwords were stored by Friend Finder Networks either in manifestly visible format or SHA1 hashed (peppered). Neither method is considered secure by any stretch of the imagination," LS said.
Coming to the user side of the equation, the stupid countersign habits continue. According to LeakedSource, the top three most used passwords are "123456," "12345" and "123456789." Seriously? To assist you experience amend, your password would accept been exposed by the Network, no matter how long or random information technology was, thanks to weak encryption policies.
LeakedSource claims information technology has managed to crack 99% of the hashes. The leaked information can exist used in blackmailing and ransom cases, among other crimes. In that location are 5,650 .gov accounts and 78,301 .mil accounts, which may exist specifically targeted by criminals.
The vulnerability used in the AdultFriendFinder breach
The company said the attackers used a local file inclusion vulnerability to steal user data. The vulnerability was disclosed by a hacker a month ago. "LFI results in data existence printed to the screen," CSO had reported last month. "Or they can be leveraged to perform more serious actions, including code execution. This vulnerability exists in applications that don't properly validate user-supplied input, and leverage dynamic file inclusion calls in their code."
"FriendFinder has received a number of reports regarding potential security vulnerabilities from a multifariousness of sources," Friend Finder Networks VP and senior counsel, Diana Ballou, told ZDNet. "While a number of these claims proved to exist imitation extortion attempts, we did place and set up a vulnerability that was related to the power to access source code through an injection vulnerability."
Final yr, Adult Friend Finder confirmed 3.v million users accounts had been compromised in an attack. The attack was "revenge-based," as the hacker demanded $100,000 bribe money.
Unlike previous mega breaches that nosotros have seen this year, the breach notification site has decided not to make the compromised data searchable on its website considering of the possible repercussions for users.
Source: https://wccftech.com/adultfriendfinder-hack-exposes-412-million/
Posted by: wilsonweriatere.blogspot.com
0 Response to "AdultFriendFinder Hack Exposes 412 Million User Accounts"
Post a Comment