Adult friend finder data
In this case verification has shown that some data is stored in clear text while passwords are encrypted with SHA-1 (not enough to thwart today’s adversaries).
Unfortunately penetration testing or application security scanning can offer almost no insight into how data is stored or processed inside an organisations applications and data stores. It enables organisations to see how their data is managed by systems and more importantly whether it is encrypted and whether that encryption level is satisfactory.” Justine Cross, Regional Director at “The public has long since run out of patience for companies that fail to protect their data, and the Friendfinder Network is just the latest example proving that businesses must take a new stance to keep information in their care safe.
With the previous attacks we have seen on these types of websites you would have expected the password storage security to have been increased but sadly this is not the case here.
The methods used were considered poor practise by some and terrible by others.
It is no longer enough to focus on passwords and financial data – any level of breach can cause significant distress or financial harm to the affected customers.
Stolen email addresses will leave the victims vulnerable to phishing attacks and fraud across other sites using the address, while names and other details can be used as a source of embarrassment or blackmail.
In a word, it looks like Adult Friend Finder had as close to no security as you can get while running such a website.” Mark James, Security Specialist at “This leaked data is astounding.Many of the stolen records are from accounts that are no longer active, Leaked Source said.Others may be duplicates or created by automated programs known as “bots.” Leaked Source said most of the records, 340 million, were taken from Adult Friend Finder.com, which facilitates casual relationships.In February, Friend Finder Networks said Adult Friend Finder had more than 60 million users.Data was also stolen from Penthouse.com, Cams.com, Stripshow.com, and i Cams.com, according to Leaked Source. Also popular on WSJ.com: RNC Chair Reince Priebus is named Donald Trump’s chief of staff.Companies need to start putting in measures to stop these passwords being used.We have the lists, they have the lists, it’s a simple lookup.Not only were passwords stored with trivial protection, but accounts that users had deleted, appeared to not have been deleted at all.The impact from sites such as Adult Friend Finder could be as significant as the Ashley Madison breach which had reports of suicides as a direct result of the breaches.This event also marks the second time Friend Finder has been breached “Unfortunately many businesses simply do not learn their lesson and by failing to implement proper cyber security controls repeatedly place the privacy of users at risk.By storing passwords in clear text or insecure formats, companies render even complex passwords useless.