Slashdot Mirror
Hack Exposes 412 Million Accounts on AdultFriendFinder Sites (zdnet.com)
"Almost every account password was cracked, thanks to the company's poor security practices," reports ZDNet -- even for "deleted" accounts. An anonymous reader quotes their article:
The hack includes 339 million accounts from AdultFriendFinder.com, which the company describes as the "world's largest sex and swinger community [and] also includes over 15 million "deleted" accounts that weren't purged from the databases. On top of that, 62 million accounts from Cams.com, and 7 million from Penthouse.com were stolen, as well as a few million from other smaller properties owned by the company. The data accounts for two decades' worth of data from the company's largest sites, according to breach notification LeakedSource, which obtained the data... The three largest site's SQL databases included usernames, email addresses, and the date of the last visit, and passwords, which were either stored in plaintext or scrambled with the SHA-1 hash function, which by modern standards isn't cryptographically as secure as newer algorithms.
The attack apparently coincides with the discovery of "a local file inclusion flaw on the AdultFriendFinder site, which if successfully exploited could allow an attacker to remotely run malicious code on the web server. " Ironically, Friend Finder Networks doesn't even own Penthouse.com anymore. They sold the site to a new owner last February.
The attack apparently coincides with the discovery of "a local file inclusion flaw on the AdultFriendFinder site, which if successfully exploited could allow an attacker to remotely run malicious code on the web server. " Ironically, Friend Finder Networks doesn't even own Penthouse.com anymore. They sold the site to a new owner last February.
I am so sick and tired of databases not being properly protected. One thing you can do is to monitor outbound traffic. If you suddenly see a huge stream from the DB server to somewhere it doesn't normally go, a banshee cry should come from your monitoring system.
You can also include "trap" data in the DB and have pattern matching set up (on the system, in the network, on the routers). See the pattern, alarms and cell phones should start ringing.
Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.
It is really funny that you should mention that. Many people who lived through the Hitler years say that Trump strongly reminds them of Hitler.
So in a way, you really did vote for Hitler this time around.