Adult Friend Finder breached again

Next story

Hackers are claiming to have accessed the online ‘hook up’ website database, Adult Friend Finder – for the second time in 12 months. Mark James, ESET IT Security Specialist, discusses what this potential security breach could mean for the company, its staff and users.

Image

The popular online ‘hookup’ site seems to not learn from previous mistakes as they have previously suffered a hack in 2015, stealing 4 million user’s details; and in October 2016 a second ‘underground researcher’ claims to have obtained private details of 73 million users and staff members.

The supposed hacker is taking to Twitter to post screenshots and reveal the alleged vulnerability in the infrastructure of the site. The pictures don’t actually prove the claims, just that the hacker attempted to gain access to the firm’s account.

There is rumoured to be a complete end-to-end compromise, as one of the files stolen contained employee names, home IP addresses and even Virtual Private Network keys to access Adult Friend Finder’s servers remotely.

Mark James, ESET IT Security Specialist, discusses what this potential security breach could mean for the company, its staff and users.

What are the chances that the site hasn’t actually been compromised?

“With so much data surfacing from data breaches these days it’s a real possibility this new database does exists.

“Whether its actual data from a current hack, or old data resurfacing from the 2015 breach, only time will tell.

“These days’ hacks are becoming an all too common place; you could even argue that it’s not “if” but “when” you will be hacked.

“Regardless of how much you invest in securing your users data, there’s one thing that’s unacceptable and that’s being hacked twice in close succession.

“If this hack turns out to be legit then it’s clear that lessons may not have been learned.”

Does publically gloating on Twitter mean the hacker can be easily caught?

“It certainly will draw attention to what you have done, and it may also enable authorities a base to start working from.

“Anonymity on the internet is not as easy as it sounds. Staying hidden and anonymous may seem as simple as using an application or layering different programs, but staying hidden is a lot harder than people think.

Do you have any advice for the company and its users at this moment?

“Of course the usual advice of changing any passwords that may be used on other sites that you used on this website, will of course stop your credentials from being used elsewhere.

“Be very aware of any scam or phishing attempts around this sensitive information that may have been leaked, because of the nature of this data people may feel obliged to keep it quiet and may increase the success rate of their attacks.

“As for the company running these sites, they have to ensure all software and applications are running the latest versions and fully patched. All too often these breaches happen because flaws or vulnerabilities still exist but that have already been patched.”


How much does a company being breached effect your confidence in them? What about multiple hacks? Let us know on Twitter @ESETUK


Join the ESET UK LinkedIn Group and stay up to date with the blog. If you’re interested in seeing where ESET has been featured in the news then check out our ‘In the news’ section.