Adult friend finder exposed free dating sites pittsburgh
The first clue that Friend Finder Networks might have another problem came in mid-October.CSOonline reported that someone had posted screenshots on Twitter showing a local file inclusion vulnerability in Adult Friend Finder.The hack also revealed that the company had kept information on 15 million accounts that users had deleted, as well as information on users for assets it no longer owned, such as Penthouse.By comparison, the Ashley Madison hack that took place in July 2015 revealed 32 million accounts, although that attack was also accompanied by a more aggressive extortion campaign.Kirk is a veteran journalist who has reported from more than a dozen countries.Based in Sydney, he is Managing Editor for Security and Technology for Information Security Media Group.Adult dating service company Friend Finder Network has reportedly been hacked, with over 412 million accounts, email addresses, and passwords from their websites made available on criminal marketplaces.Notably, the database does not include more detailed personal information, but could still be used to confirm whether a person was a user of the service.
It also would be the second one to affect Friend Finder Networks in as many years.It also has a slight benefit, as Leaked Source writes that "the credentials will be slightly less useful for malicious hackers to abuse in the real world." For a subscription fee, Leaked Source allows its customers to search through data sets it has collected. "We don't want to comment directly about it, but we weren't able to reach a final decision yet on the subject matter," the Leaked Source representative says.In May, Leaked Source removed 117 million emails and passwords of Linked In users after receiving a cease-and-desist order from the company.But the company fixed a code injection flaw that could have enabled access to source code, Friend Finder Networks told the publication.It wasn't clear if the company was referring to the local file inclusion flaw.Those types of vulnerabilities allow an attacker to supply input to a web application, which in the worst scenario can allow code to run on the web server, according to a OWASP, The Open Web Application Security Project.The person who found that flaw has gone by the nicknames 1x0123 and Revolver on Twitter, which has suspended the accounts.The sites breached would appear to include Adult Friend Finder.com, i Cams.com, Cams.com, and Stripshow.com, the last of which redirects to the definitely not-safe-for-work playwithme[.]com, run by Friend Finder subsidiary Steamray.Leaked Source provided samples of data to journalists where those sites were mentioned.Leaked Source says it has cracked most of the SHA-1 hashes.It appears that Friend Finder Networks changed some of the plaintext passwords to all lower-case letters before hashing, which meant that Leaked Source was able to crack them faster.