Partners Urge Caution As Friend Finder Network Is Reportedly Hit By A Massive Data Breach
Following reports of yet another massive data breach, partners are urging consumers to be vigilant about what kinds of sites and services they trust with their personal information.
On the heels of the announcement of a massive data breach at Yahoo just weeks ago, hackers have reportedly put millions of customer accounts at risk at Friend Finder Network, an adult entertainment company.
According to a report in ZDNet on Sunday, hackers exposed the records of more than 412 million accounts at Friend Finder Network, including accounts on AdultFriendFinder.com, Cams.com, and Penthouse.com. The records stretched back more than two decades and included both current and deleted accounts, the report said.
Matt Johnson, CEO of Phalanx Secure Solutions, a Baltimore, Md.-based managed security services provider, said the Friend Finder Network breach should serve as a "huge wake-up call for consumers" as to where their information is held.
"People are continually putting their private and sometimes way to private information into websites that they have no clue on the security protocols, vulnerabilities, or potential for data loss. Even the most secure companies can be hacked or have data stolen, and we are just filling them with everything about ourselves," Johnson said.
The information reportedly exposed in this latest data breach at Friend Finder included usernames, email addresses, date of last visit, passwords, membership data, browser information, IP address and whether the user was a paid subscriber. It does not look like it included sexual preference or affair information, as in a previous Friend Finder data breach that, last year, exposed 4 million customer records.
[Related: 5 Things That Shape The Security Solution Provider Of The Future]
It's not clear who is responsible for this most recent attack, though some are blaming security researcher Revolver and Russian hackers. Friend Finder Network has confirmed some vulnerabilities in its systems, but has not yet confirmed the breach.
The breach echoes back to the July 2015 breach of extramarital affair site Ashley Madison, which exposed the records of more than 37 million users, including names, addresses and credit-card transactions. Hackers called for Ashley Madison to shut down as a condition for releasing the stolen data. The incident is among many recent examples of ideological attacks on institutions for motives other than financial gain.
It is not clear if that same motivation is at play in the reported Friend Finder Network breach. Regardless, partners have told CRN that this report reflects, once again, the need for consumers to be more conscious of what companies hold their information and how well they're protecting it. According to the ZDNet report, the data from Friend Finder Network was stored in plaintext or encrypted using only a SHA-1 hash function, an older encryption method that's widely considered outdated compared to more modern approaches.