Friend Finder Networks, the company that owns the popular adult dating site Adult Friend Finder, has been hit by a massive data breach in which more than 400 million user accounts were leaked online.
The leaked data covers about 339 million accounts belonging to Adult Friend Finder, about 15 million deleted user accounts that are still present in the database, over 60 million accounts from cams.com and 7 million accounts from Penthouse.
How Did the Data Breach Happen?
According to CSO Online, a self-proclaimed security researcher known as 1x0123 on Twitter posted a picture of a Local File Inclusion vulnerability on the Adult Friend Finder website.
Local File Inclusion (LFI) is a type of web application vulnerability in which the application builds the path of a file to include from user-controlled input without validating it, allowing an attacker to make the application include files that already exist on the server.
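The following is an added example, not code from the article or from Friend Finder Networks: it contrasts an unchecked include-path lookup with a hardened one that applies an allowlist and a containment check after symlink resolution. The function names, page names and directory layout are assumptions made for illustration.

```python
import os
import tempfile

ALLOWED_PAGES = frozenset({"home", "about", "contact"})  # hypothetical page names

def inside(base_dir, path):
    """True if path, with symlinks resolved, stays under base_dir."""
    base = os.path.realpath(base_dir)
    return os.path.commonpath([base, os.path.realpath(path)]) == base

def resolve_unsafe(base_dir, name):
    # Vulnerable pattern: the request value is joined to the include path unchecked.
    return os.path.normpath(os.path.join(base_dir, name))

def resolve_safe(base_dir, name):
    """Return the file to include for `name`, or None if the request is refused."""
    if name not in ALLOWED_PAGES:          # 1. allowlist of known page names
        return None
    candidate = os.path.join(base_dir, name + ".html")
    if not inside(base_dir, candidate):    # 2. containment after resolving symlinks
        return None
    return os.path.realpath(candidate)

def demo():
    """Run constructed requests against both resolvers in a scratch directory."""
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "templates")
        os.mkdir(base)
        open(os.path.join(base, "home.html"), "w").close()
        outside = os.path.join(root, "outside.txt")  # file outside the include dir
        open(outside, "w").close()
        # An allowlisted name whose file is a symlink leaving the directory.
        os.symlink(outside, os.path.join(base, "about.html"))
        requests = ["home", "about", "../outside.txt", outside]  # constructed inputs
        return {
            "unsafe_escapes": sum(not inside(base, resolve_unsafe(base, r)) for r in requests),
            "safe_accepts": [r for r in requests if resolve_safe(base, r)],
        }

if __name__ == "__main__":
    print(demo())
```

The allowlist alone does not stop the symlinked `about.html` case, which is why the containment check runs on the resolved path rather than on the requested name.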
1x0123 posted an obscured image of the Adult Friend Finder server's /etc/passwd file, along with the database schema, which was generated on September 7, 2016.
In May 2016, 1x0123 claimed to have found a command injection vulnerability and shell access to PornHub. After the claim was investigated, the company called the incident a hoax.
This time around, 1x0123 expected the same response and tweeted “…they will call it hoax again and I will fu—– leak everything.” His Twitter account has since been suspended.
Friend Finder Networks said:
"We are aware of reports of a security incident, and we are currently investigating to determine the validity of the reports," Diana Lynn Ballou, Friend Finder Network's Vice President and Senior Counsel of Corporate Compliance & Litigation told CSO Online. "If we confirm that a security incident did occur, we will work to address any issues and notify any customers that may be affected."
This is the second time Friend Finder Networks has been breached. The first breach occurred in May 2015, when about 4 million user accounts were exposed.