For an adept hacker, Downloading the entire Friend Finder database is no more difficult than going to the library and checking out a book.
It’s not that Friend Finder has substandard security, it’s simply that very little, to a determined and talented hacker, is immune to access.
Organizations like Adult Friend Finder should gain the necessary endpoint and network visibility needed to protect their customers’ personal data and “hook up” with a company like Ziften.
The 14 largest Megachurches in the world range from the Lakewood Church in Houston Texas (45,000 Members) to the Yoido Church in Seoul Korea (253,000 Members). It is comforting to note that the pastors of only two of these churches were members of Adult Friend Finder, (the online dating service and swinger personals community website for Friend Finder, Inc.), and both were searching for anonymous gay hookups. Of the fortune 500 corporations, fewer than 1,420 executives (directors, VPs and above) were members of Adult Friend Finder.
Another possible mechanism could have been hijacking ssh keys from a compromised admin account or github, but those tend to be secondary in most cases.
Either way, the database dump itself is 570 megabytes, and assuming the data was exfiltrated in a few large transactions, it would have been very noticeable on a network level.
“Apple Id accounts you can use Tor to login perfectly safe!
I am personally aware of seven previous hacks and there are rumors of dozens, if not hundreds of prior hacks. The hacks that reach public awareness are extremely rare.
As usual, being a day late and a dollar short, by the time I knocked on the door he was selling incomplete segments of the database for non-exclusive use for ,000.
That’s more than I make for an article, so paying him (he wanted bitcoins by the way) was out of the question.
However, much the same way metadata collection provides insight to the NSA, this type of information provides attackers with plenty of leverage that can be used against the public.
Spear phishing becomes a lot easier when attackers not only have an email address, but also location, language, and race.