The attack methodology deployed in this instance was not released, but it would be fair to assume that it leveraged a kind of SQL injection attack or similar, where the information is wormed out of the back-end database through a flaw in the webserver. Another possible mechanism could have been hijacking SSH keys from a compromised admin account or GitHub, but those tend to be secondary in most cases.
The previous Friend Finder Network breach came to light in May 2015 and affected 3.5 million accounts. Both that hack and others in the adult industry, such as the 2015 Ashley Madison breach that exposed data from about 36 million users, pale in comparison to the scale of the latest alleged Friend Finder Networks data dump.
When pressed on details, Ballou declined to comment further.
But why Friend Finder Networks has held onto millions of accounts belonging to customers is a mystery, given that the site was sold to Penthouse Global Media in February. "We are aware of the data hack and we are waiting on Friend Finder to give us a detailed account of the scope of the breach and their remedial actions in regard to our data," said Kelly Holland, the site's chief executive, in an email on Saturday.
The online dating company would not comment on the read receipt, but said its “leadership” only became aware of the breach on 20 May when contacted by Channel 4 News. “Friend Finder employees receive hundreds of sales and marketing spam messages daily, including many from third party cyber security consultants, and any earlier communication on this specific issue was directed to junk mail folders and not considered a legitimate email,” the company said in a statement.
Meanwhile, the person who originally dumped the information on the so-called dark web, who uses the nickname ROR[RG], is demanding more than £10,000 for access to the database of users, and capitalising on the news by marketing his cybercrime services.
A hack against popular adult dating and entertainment company Friend Finder Networks exposed data related to more than 412 million user accounts, according to a report from breach notification site Leaked Source.
Friend Finder Networks did not confirm or deny the breach when reached by The Washington Post.
The company said the warning ended up in its spam folder, despite an email from an employee indicating that it had been read.
On 21 May Channel 4 News revealed that hackers had posted the deeply personal sexual information of around 3.9m users of Adult Friend Finder, which is one of the world’s largest dating websites.