Wednesday, 19 October 2016

On 10:00 by admin   No comments
Hook-up and dating site Adult FriendFinder has a serious database vulnerability that could reveal usernames, passwords and other information, it has been claimed.
The suggestion of a security flaw first came from self-styled "underground researcher" 1x0123 on Tuesday night, who posted on Twitter a screen grab that suggested Adult FriendFinder has a Local File Inclusion (LFI) vulnerability. 
Researcher 1x0123 wrote: "F**kload of databases with same user/password + runing as root".

Later he or she tweeted: "No reply from #adulfriendfinder.. time to get some sleep they will call it hoax again and i will f**king leak everything".
While there is currently no suggestion of a public data leak, the situation could prove very serious for the company if it is real; a leak would expose vulnerable data that is both highly personal and potentially embarassing.
Diana Lynn Ballou, FriendFinder Networks' VP and senior counsel of corporate compliance and litigation, emailed IT Pro a statement that read: "We are aware of reports of a security incident, and we are currently investigating to determine the validity of the reports. If we confirm that a security incident did occur, we will work to address any issues and notify any customers that may be affected."
The scenario is highly reminiscent of the Ashley Madison hack last year. During that data breach, the details of around 37 million users worldwide were compromised, with a number of people's usernames, login details and other credentials posted online. 
The Hackers Day Conference,  is a novel occasion  will be held in Lucknow, on the January 15th-16th, 2017. For more details : www.hackersday.org

0 comments:

Post a comment