Prior to ISMG, he worked from London and Sydney covering computer security and privacy for International Data Group.
Further back, he covered military affairs from Seoul, South Korea, and general assignment news for his hometown paper in Illinois.
But the leaked data could encompass many more sites, as Friend Finder Networks runs as many as 40,000 websites, a Leaked Source representative says over instant messaging.
One large sample of data provided by Leaked Source at first seemed to not contain current registered users of Adult Friend Finder.
The first clue that Friend Finder Networks might have another problem came in mid-October.
CSOonline reported that someone had posted screenshots on Twitter showing a local file inclusion vulnerability in Adult Friend Finder.
Some of the claims were actually extortion attempts.
Troy Hunt, an Australian data breach expert who runs the Have I Been Pwned data breach notification site, says that at first glance some of the data appears legitimate, but it's still early to make a call. "I'd need to see a complete data set to make an emphatic call on it."
If the data is accurate, it would mark one of the largest data breaches of the year behind Yahoo, which in October blamed state-sponsored hackers for compromising at least 500 million accounts in late 2014 (see Massive Yahoo Data Breach Shatters Records).
It also would be the second one to affect Friend Finder Networks in as many years.
Kirk is a veteran journalist who has reported from more than a dozen countries.
Based in Sydney, he is Managing Editor for Security and Technology for Information Security Media Group.
The hack also revealed that the company had kept information on 15 million accounts that users had deleted, as well as information on users for assets it no longer owned, such as Penthouse.
By comparison, the Ashley Madison hack that took place in July 2015 revealed 32 million accounts, although that attack was also accompanied by a more aggressive extortion campaign.
Those types of vulnerabilities allow an attacker to supply input to a web application, which in the worst scenario can allow code to run on the web server, according to OWASP, the Open Web Application Security Project.
The person who found that flaw has gone by the nicknames 1x0123 and Revolver on Twitter, which has suspended the accounts.
But the company fixed a code injection flaw that could have enabled access to source code, Friend Finder Networks told the publication.
It wasn't clear if the company was referring to the local file inclusion flaw.