Friend Finder Networks is an adult dating and pornography site and has been attacked before. The breach released more than 20 years of confidential data and accessed five other branch companies.
The parent company of Adult Friend Finder is Friend Finder Networks. A security researcher known as Revolver claimed to find a flaw in Friend Finder Networks' security in October, posting the information to a now-suspended Twitter account and threatening to 'leak everything' should the company call the flaw report a hoax.

"This is criminal negligence, as it's not the first time," says Stu Sjouwerman, CEO of security awareness training company KnowBe4, in a statement. "Adult Friend Finder has failed to learn from their mistakes and now 412 million people are high-value targets for blackmail, phishing attacks, and other cybercrime."

Adult Friend Finder and its sister companies are a huge target for hackers. Clearly, the company has the burden of handling an abundant amount of sensitive information, and it would only make sense for it to have excellent security measures to keep intruders out. This means that the page is not protected against directory traversal characters, such as dot-dot-slash, which can lead to code being injected into a path that leads to a file. The main purpose of the security breach seemed to be to harvest private information that was weakly secured. was hacked exposing 4 million accounts which contained sensitive information including sexual preferences and whether a user was looking for an external affair.

One of the biggest reasons SHA-1 is vulnerable is because of an exploit called "collision". One security analyst had previously warned the company of a local file inclusion flaw, and following that warning the hackers were able to run malicious software.
A collision occurs when two different message inputs, or passwords, generate the same hash.

Included in the leak were 96 million Hotmail accounts, 78,301 US military email accounts, and 5,650 US government accounts. From The Guardian: "It is also unclear who perpetrated the hack."

The information that was stolen in the security breach is primarily user accounts. Out of the 412 million accounts compromised, 78 thousand accounts used military e-mails and 5.6 thousand US Government email addresses were also discovered.