It appears that Friend Finder Networks changed some of the plaintext passwords to all lower-case letters before hashing, which meant that Leaked Source was able to crack them faster. It also has a slight benefit, as Leaked Source writes that "the credentials will be slightly less useful for malicious hackers to abuse in the real world."
For a subscription fee, Leaked Source allows its customers to search through data sets it has collected. "We don't want to comment directly about it, but we weren't able to reach a final decision yet on the subject matter," the Leaked Source representative says.
Leaked Source provided samples of data to journalists where those sites were mentioned. But the leaked data could encompass many more sites, as Friend Finder Networks runs as many as 40,000 websites, a Leaked Source representative says over instant messaging.
It wasn't clear if the company was referring to the local file inclusion flaw.
The sites breached would appear to include AdultFriendFinder.com, iCams.com, Cams.com, and Stripshow.com, the last of which redirects to the definitely not-safe-for-work playwithme[.]com, run by Friend Finder subsidiary Streamray.
Based in Sydney, he is Managing Editor for Security and Technology for Information Security Media Group.
Still, those passwords were hashed using SHA-1, which is considered unsafe.
Today's computers can rapidly guess hashes that may match the real passwords.
Leaked Source says it has cracked most of the SHA-1 hashes.
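The storage weakness described above, next to a hardened alternative, as an added example that is not code from the article or from Friend Finder Networks. The function names, the sample password, the absence of a salt in the legacy scheme and the scrypt parameters are all assumptions made for illustration.

```python
import hashlib
import hmac
import os


def legacy_hash(password):
    # Scheme described in the article: fold to lower case, then SHA-1.
    # Assumption: no salt (the article does not say either way).
    return hashlib.sha1(password.lower().encode("utf-8")).hexdigest()


def collapsed_spellings(password):
    # Number of case spellings of this password that share one legacy hash.
    cased = sum(1 for c in password if c.lower() != c.upper())
    return 2 ** cased


def search_space_ratio(length):
    # Candidates of a given length over [a-zA-Z0-9] versus [a-z0-9]:
    # how much smaller the guessing space becomes after case folding.
    return (62 ** length) / (36 ** length)


def hardened_hash(password, salt=None):
    # Case preserved, per-user random salt, memory-hard KDF (scrypt).
    # n=2**14, r=8, p=1 are illustrative parameters, not a recommendation
    # taken from the article.
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=2 ** 14, r=8, p=1, dklen=32)
    return salt, digest


def hardened_verify(password, salt, expected):
    # Recompute with the stored salt and compare in constant time.
    _, digest = hardened_hash(password, salt)
    return hmac.compare_digest(digest, expected)


if __name__ == "__main__":
    sample = "Summer2016!"  # constructed sample, not from the breach data
    print("legacy hash:", legacy_hash(sample))
    print("spellings sharing that hash:", collapsed_spellings(sample))
    print("8-char search space shrinks by: %.1fx" % search_space_ratio(8))
    salt, digest = hardened_hash(sample)
    print("wrong case accepted by hardened scheme:",
          hardened_verify(sample.lower(), salt, digest))
```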
The person who found that flaw has gone by the nicknames 1x0123 and Revolver on Twitter, which has suspended the accounts.
CSOonline reported that the person posted a redacted image of a server and a database schema generated on Sept. In a statement supplied to ZDNet, Friend Finder Networks confirmed that it had received reports of potential security problems and undertook a review.