However, much the same way metadata collection provides insight to the NSA, this type of information provides attackers with plenty of leverage that can be used against the public. Spear phishing becomes a lot easier when attackers not only have an email address, but also location, language, and race. In addition to the 16 million "deleted" accounts is the user database, which FFN had access to, despite having sold in February. Included in the leak were 96 million Hotmail accounts, 78,301 US military email accounts, and 5,650 US government accounts. Another possible mechanism could have been hijacking SSH keys from a compromised admin account or GitHub, but those tend to be secondary in most cases. Either way, the database dump itself is 570 megabytes, and assuming the data was exfiltrated in a few large transactions, it would have been very noticeable on a network level.
2) At the webserver level, where an abnormal amount of traffic would be sent to a specific address.
The source IP addresses collected can even provide pinpoint street locations for attacks. The attack methodology deployed in this instance was not released, but it would be fair to assume that it leveraged some kind of SQL injection attack or similar, where the information is wormed out of the back-end database through a flaw in the webserver. This time, email addresses, passwords, dates of last visits, browser information, IP addresses, and site membership status were revealed, reports The Guardian, citing data breach monitoring service LeakedSource. Last year's breach also included users' dates of birth, postal codes, sexual preferences, and whether they were seeking extramarital affairs. Wait for a raft of class-action lawsuits." Last July, another pornography and adult hook-up site, Ashley Madison, suffered a doxing attack that exposed 37 million user accounts. Sjouwerman says that when KnowBe4 sent its customers fake phishing emails with lures related to the Ashley Madison breach, 4% of users clicked. From The Guardian: "It is also unclear who perpetrated the hack. A security researcher known as Revolver claimed to find a flaw in Friend Finder Networks' security in October, posting the information to a now-suspended Twitter account and threatening to 'leak everything' should the company call the flaw report a hoax."
"This is criminal negligence, as it's not the first time," says Stu Sjouwerman, CEO of security awareness training company KnowBe4, in a statement.