FriendFinder Breached; 400 Million Users at Risk
Posted by: Timothy Weaver on 11/14/2016 01:18 PM
[
Comments
]
Adult entertainment company FriendFinder Network has suffered a breach of over 400 million user accounts.
The database included email addresses and passwords stored either in plaintext or SHA1 hashed. The network consists of AdultFriendFinder (339m users), Cams.com (62m), Penthouse.com (7m), Stripshow.com (1m), and iCams.com (1m).
Data breach notification site LeakedSource says the breach occurred in Oct. and was possibly caused by a Local File Inclusion exploit.
Also according to LeakedSource, 99% of the passwords are either in plainly visible or easily hackable.
The breach also revealed a large number of .mil (78,301) and .gov (5650) addresses.
This is not the first breach of the network. It was also breached in May 2015. David Kennerley, director of threat research at Webroot, chastised the company for not learning from the first breach and possibly exposing its users to blackmail and fraud.
“All companies, especially those dealing with sensitive customer data, must balance their security resources against their risk tolerance, and look at threat intelligence solutions that provide them with the greatest scope of protection,” he added.
“It goes without saying that systems, software and processes should be regularly reviewed, and previously accepted risk levels may no longer suffice. For the consumer, unfortunately, you need to consider whether you’re ultimately happy with anything you post online being made public, as everyday there seems to be news of another breach.”
Source: Info Security
The database included email addresses and passwords stored either in plaintext or SHA1 hashed. The network consists of AdultFriendFinder (339m users), Cams.com (62m), Penthouse.com (7m), Stripshow.com (1m), and iCams.com (1m).Data breach notification site LeakedSource says the breach occurred in Oct. and was possibly caused by a Local File Inclusion exploit.
Also according to LeakedSource, 99% of the passwords are either in plainly visible or easily hackable.
The breach also revealed a large number of .mil (78,301) and .gov (5650) addresses.
This is not the first breach of the network. It was also breached in May 2015. David Kennerley, director of threat research at Webroot, chastised the company for not learning from the first breach and possibly exposing its users to blackmail and fraud.
“All companies, especially those dealing with sensitive customer data, must balance their security resources against their risk tolerance, and look at threat intelligence solutions that provide them with the greatest scope of protection,” he added.
“It goes without saying that systems, software and processes should be regularly reviewed, and previously accepted risk levels may no longer suffice. For the consumer, unfortunately, you need to consider whether you’re ultimately happy with anything you post online being made public, as everyday there seems to be news of another breach.”
Source: Info Security
Comments
