Adult friend finder free account
“Immediately upon learning this information, we took several steps to review the situation and bring in the right external partners to support our investigation,” a statement issued over the weekend reads.
The news first came to light via Leaked Source, a so-called “breach notification site”.
Leaked Source has not made the database searchable but has published a breakdown of password frequencies and samples of file schemas from the leaked database to substantiate its claims, which remain unconfirmed but are nonetheless being taken seriously by security firms.
Certificate management firm Venafi claimed that private information such as passwords appeared to have been protected using only the obsolete SHA-1 hashing algorithm.
Solutions such as 2-factor authentication could have easily helped avert a breach of this magnitude.
The data was stolen last month using a vulnerability exposed around the same time, Leaked Source reported.
Last month a hacker known as Revolver or 1x0123 claimed he had gained access to the site’s backend servers through a Local File Inclusion hack before posting two screenshots purporting to show compromised data to his Twitter feed.
The latest breach follows a high profile hack in May 2015 that led to the leaking of 4 million records.
“While a number of these claims proved to be false extortion attempts, we did identify and fix a vulnerability that was related to the ability to access source code through an injection vulnerability,” ZDNet quoted from an email by CEO Diana Ballou.
Items such as usernames, email addresses and passwords are stored in plaintext or using SHA-1 encryption, which experts consider insufficient under current best practices.
It warned of significant attacks — not just to Adult Friend Finder accounts but also those of its sister sites.