Based on the documents, Tentler said the hacker’s claims seemed to be valid, and indicated a severe data breach at Adult FriendFinder. If we confirm that a security incident did occur, we’ll work to address any issues and notify any clients that may be affected, the spokesperson’s statement read. On Tuesday evening, a hacker known as Revolver or x claimed to have broken into the site, submitting two screenshots that seemed to show he had access to some portion of the site’s infrastructure. Such a flaw may let hackers do all sorts of things, including accessing any part of the server, executing code on it, and even spying on users’ actions, according to a defensive security consultant who goes by the moniker Munin. Revolver tweeted publicly at Adult FriendFinder and claimed to have reported the vulnerability he used to get in, but after a couple of hours seemed to have given up. The hacker publicized the breach on the hacking forum Hell, and put the stolen data up for sale for Bitcoin (around $, at the time).
Online hookup website Adult FriendFinder could have been hacked again. The screenshots themselves didn’t prove Revolver’s claims, but Peace told Motherboard last week that he had hacked into Adult FriendFinder. This story was updated to include the statement from FriendFinder Network and remarks from Revolver. Security researchers who saw Revolver’s claims on Twitter said the flaw that the hacker leveraged seemed to be a Local File Inclusion, a common vulnerability in badly written web software that allows someone to hack into a website and read files from the server.
Adult FriendFinder, which bills itself as the world’s largest sex swinger community, was hacked in . Theoretically? Total end-to-end compromise, Tentler told me, adding that the stolen documents contained employee titles, their home IP addresses, and even Virtual Private Network keys to access Adult FriendFinder’s servers remotely. Peace said he took advantage of a backdoor which was publicized on Hell two decades ago, and said he used it last week to download a database of million consumers.
On Wednesday afternoon, a spokesperson for FriendFinder Network said the firm was aware of reports of a security incident. At the moment, a hacker known as ROR[RG] allegedly breached it and leaked a database containing the details of almost countless users, including extremely sensitive information like users’ relationship statuses and sexual tastes, along with their email addresses, usernames, and location. Peace and Revolver also said the flaw they exploited was exactly the same. Dan Tentler, a security researcher who founded the startup Phobos Group, said he reviewed data leaked on the internet, including a set of documents that Peace sent to Motherboard. Another infamous hacker known as Peace also claimed to have hacked in, and acquired a database of million consumers. We are investigating to ascertain the validity of the reports.
When contacted after Revolver’s claims on Twitter, Peace explained that he gave other hackers, including Revolver, all [FriendFinder Network], referring to the website’s parent firm. In a Twitter message, Revolver said he exploited the vulnerability last month, and he is currently working on getting access to the databases. No response from #adulfriendfinder. Time to get some sleep, he tweeted.