Adult friend finder exposed best adult websites
Those types of vulnerabilities allow an attacker to supply input to a web application, which in the worst scenario can allow code to run on the web server, according to OWASP, the Open Web Application Security Project. The person who found that flaw has gone by the nicknames 1x0123 and Revolver on Twitter, which has suspended the accounts.
The hack also revealed that the company had kept information on 15 million accounts that users had deleted, as well as information on users for assets it no longer owned, such as Penthouse. By comparison, the Ashley Madison hack that took place in July 2015 revealed 32 million accounts, although that attack was also accompanied by a more aggressive extortion campaign.
"Their [Friend Finder Networks'] infrastructure is two decades old and slightly confusing." Many of the passwords were simply in plaintext, Leaked Source writes in a blog post. Others had been hashed, the process by which a plaintext password is processed by an algorithm to generate a cryptographic representation, which is safer to store. It also has a slight benefit, as Leaked Source writes that "the credentials will be slightly less useful for malicious hackers to abuse in the real world."
For a subscription fee, Leaked Source allows its customers to search through data sets it has collected. "We don't want to comment directly about it, but we weren't able to reach a final decision yet on the subject matter," the Leaked Source representative says.
"We didn't split any data ourselves, that's how it came to us," the Leaked Source representative writes.
A group that collects stolen data claims to have obtained 412 million accounts belonging to Friend Finder Networks, the California-based company that runs thousands of adult-themed sites in what it described as a "thriving sex community." Leaked Source.com, a service that obtains data leaks through shady underground circles, believes the data is legitimate.