One of the world’s largest hoop up sites, which has over 40 million members who logged in at least once every two years was attacked in the month of October in 2016, The social site contained over 339 million subscribers with the addition to other sites that consisted of over 62 million, 7 million, and 2.5 million users within the domain of the sites combined. The breach exposed a total of over 412 million accounts, passwords, last visited sites, browser information, Ip addresses, and membership status across the network’s domain. The breach also went to the extent that deleted accounts that still had information on the servers may also have been compromised and the fact that the information obtained could be used for blackmail or if the information pulled from the breach was made public then the integrity of a person’s personal privacy could be at risk.
The organization reacted by stating that the reports received pertaining to potential security vulnerabilities were false claims that proved to be false extortion attempts. The organization also stated that identified issues such as a vulnerability that was related to the ability to access source code was patched and now more secure then ever. According to the security director the breach could not be explained, and he stated the company has majorly flawed security practices (Martin, 2016). To rectify and mitigate the situation the company used was a cryptography hash with a SHA-1 algorithm which is a cryptographic hash function that takes the input and produces a 160-bit hash value known as a message digest that usually rendered as a hexadecimal number that consist of 40 digits. The implications of the security breach were simple and easy passwords that were allowed, common email address was included instead of a unique user name, and the servers log data base login information was stored as lower case which made it easier to hack. The hackers were able to penetrate the site by a vulnerability known as “1×0123” also known as “revolver” which consisted of unprotected local file inclusions flaws that allowed further access to the company’s internal databases (Cluley, 2016 ).
Some lessons learned from this incident is to not take security for granted the company had multiple acknowledgements regarding security flaws within there websites but never toke them serious. Also keeping up with technology would have prevented flaws in the company’s security measures the company was using cryptography when they could have been using VPN tunneling or encryption. If the company doesn’t reevaluate their sites security practices this may well happen again seeing that a few years after the first attract another attract was introduce in relation to the previous.
339 Million adult friend finder accounts exposed. (2016, November 14). https://www.wired.co.uk/article/adult-friend-finder-hacked-email-addresses-users
Adult friend finder and penthouse in massive personal data breach. (2016, November 14). https://www.theguardian.com/technology/2016/nov/14/adult-friend-finder-and-penthouse-hacked-in-largest-personal-data-breach-on-record
Adultfriendfinder data breach. (2016, November 14). https://www.tripwire.com/state-of-security/featured/adultfriendfinder-data-breach-what-you-need-to-know/