Online hookup website “Adult FriendFinder” might have been hacked—again. On Tuesday evening, a hacker known as Revolver or 1×0123 claimed to have breached into the service, posting two screenshots that appeared to show he had access to some portion of the website’s infrastructure. Mark James, Security Specialist at ESET commented below whether this is genuine, if the hacker can be caught more easily due to his gloating and provides advice for the company and its users.
Mark James, Security Specialist at ESET:
“With so much data surfacing from data breaches it’s a real possibility this new database exists, whether its actual data from a current hack or old data resurfacing from the 2015 breach, only time will tell. These days hacks are becoming all too common place, you could even argue that it’s not “if” but “when” you will be hacked, regardless of how much you invest in securing your users data there’s one thing that’s unacceptable and that’s being hacked twice in close succession, if this hack turns out to be legit then it’s clear that lessons may not have been learned.
Publically gloating on Twitter will certainly draw attention to the attacker; it may also enable authorities a base to start working from. Anonymity on the internet is not as easy as it sounds, staying hidden and anonymous may seem as simple as using an application or layering different programs but staying hidden is a lot harder than people think.
Of course the usual advice of changing any passwords that may be used on other sites that you used on this website applies. Also, be very aware of any scam or phishing attempts around this sensitive information that may have been leaked. Due to the nature of this data people may feel obliged to keep it quiet and may increase the success rate of their attacks. As for the company running these sites they have to ensure all software and applications are running the latest versions and fully patched, all too often these breaches happen because flaws or vulnerabilities exist that have already been patched.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.