We found out this week that "sex and swinger" social network Adult Friend Finder was breached, along with all of its other sites. Friend Finder Networks (FFN) operates AdultFriendFinder.com, webcam sex-work site cams.com, and a few others; a total of six databases were reported in the haul.
“While a number of these claims proved to be false extortion attempts, we did identify and fix a vulnerability that was related to the ability to access source code through an injection vulnerability,” ZDNet quoted from an email by CEO Diana Ballou.
Friend Finder Networks, the parent company behind the likes of Adult Friend Finder, Cams, Penthouse, iCams and Stripshow, has been hacked, with six databases from the company compromised, according to breach notification website Leaked Source. A Local File Inclusion (LFI) exploit was all it took to breach the servers, leading to the credentials of a mammoth 412,214,295 user accounts leaking online.
Leaked Source said "this data set will not be searchable by the general public on our main page temporarily for the time being." But as infosec blog put it, "The point is, these records exist in multiple places online. They're being sold or shared with anyone who might have an interest in them."
That's more users than Twitter and a third of Facebook's global membership. The news first came to light via Leaked Source, a so-called “breach notification site”. It warned of significant attacks — not just to Adult Friend Finder accounts but also those of its sister sites. Unlike Friend Finder Networks, Yahoo is a mainstream service.
“Immediately upon learning this information, we took several steps to review the situation and bring in the right external partners to support our investigation,” a statement issued over the weekend reads.
Alarmingly, 99% of all available passwords gathered from the breach are visible in plaintext. CSOOnline reveals that information from the breached databases had been circulating online since their compromise in October 2016.