Probably 2016 is ending with the biggest hacking news of the site AdultFreindFinder which has become the victim of one of the greatest Internet security breaches for the second time in past two years.
What are the affected amounts?
339 millions accounts of the site which uses the tagline “Hookup, Find Sex or Meet Someone Special Now,” are hugely affected according to the breach notification site LeakedSource.
Last year also in the month of May AdultFreindFinder has been breached and as per the Britain’s Channel4, affected around 3.9 million users.
The parent site Friend Finder Networks that offers numerous entertainment services for adults is reported to be hacked by affecting over 412 accounts, passwords, email addresses and made available to the criminal marketplaces.
The other websites which are owned by the parent site of the AdultFreindFinder such as Cams.com, Stripshow.com, Penthouse.com, iCams.com are also hacked and the data of 412,214,295 users are leaked.
Though the data that have been leaked do not include detailed personal information but sensitive details including usernames, passwords, emails, and last logins, IP addresses, browser information and other data are accessible.
Probable reason behind the breach:
As per a researcher (you can find him on the Twitter named as 1×0123) reported by CSO online, the Parent site of the AdultFreindFinder, the Friend Finder Networks is hacked in the month of October as because of a Local File Inclusion vulnerabilities.
The researcher has posted the images against his claim to showcase the vulnerability in Local File Inclusion that has been triggered by the hackers.
According to the report by CSO online, the vulnerability that is found in the production server module of AdultFreindFinder has been severely exploited by the criminals which has been also confirmed by the researcher.
Shocking! The Company Held 15 Million Of Deleted Accounts By Users:
Because of the hacking, a shocking news revealed that the company has kept the information of 15 millions of accounts that users earlier deleted. Penthouse has also kept the information on users’ assets that the company has no longer owned.
The user password is stored in plainly visible format or by the Secure Hash Algorithm 1 (SHA-1):
Another shocking revelation has made by the LeakedSource that the Friend Finder Network has stored the user passwords in plainly visible formats and in some cases with Secure Hash algorithm 1 which is basically known as insecure.
ZDNet has told that from the AdultFriendFinder, the leaked data unlike the 2015 hack do not control any sexual preference information and also the Friends Finder Network has disclosed to ZDNet that they are aware of the vulnerability and soon going to take the correct steps.
Last year the online dating website named Ashley Madison specially designed for cheating spouses was hacked also and the criminals threatened to leak all the personal data of the users until the website get shut down.
Though criminals have claimed nothing this time but the insecurity remains the same.
