Some 412 million users of the largest dating websites should be worried, because in October 2016, Friend Finder Network, Inc. was hacked and their data stolen. Friend Finder Network, Inc. is a company that operates a wide range of adult services, and is the owner of Penthouse.com, AdultFriendFinder.com, Cams.com, iCams.com and Stripshow.com. This event is the second time Friend Finder has been breached in two years, the first being in May of 2015.
The site was hacked through a Local File Inclusion (LFI) exploit. That is a vulnerability that gives you access to files on the webserver that are normally not publicly accessible. These files usually contain sensitive information.
LeakedSource has information about the used passwords, different email providers and languages that were set in accounts. What is striking is that a lot of people use simple and insecure passwords.
Victims of a data breach are at risk because the hackers have the passwords and mail they used on that website. It’s now easy for hackers to try the password and mail on other websites. The hacker might be able to break in a lot of other accounts which can contain valuable or sensitive information. There is also the risk of extortion. In an earlier hack, some victims were approached and were threatened. The criminals threatened to publicize their involvement in certain websites, unless they pay a certain amount in bitcoin.
Yes. This vulnerability is a known vulnerability that is fairly easy to prevent. This breach could have probably been prevented by a continuous scanner, and this definitely would come to light with a bug bounty / researchers program.
Written by Zerocopter
November 14, 2016