Adult Friend Finder leak
CSOonline reported that someone had posted screenshots on Twitter showing a local file inclusion vulnerability in Adult Friend Finder.
Those types of vulnerabilities allow an attacker to supply input to a web application, which in the worst scenario can allow code to run on the web server, according to OWASP, the Open Web Application Security Project.
It also would be the second one to affect Friend Finder Networks in as many years.
In May 2015 it was revealed that 3.9 million Adult Friend Finder accounts had been stolen by a hacker nicknamed ROR[RG] (see Dating Website Breach Spills Secrets).
But the file "seems to contain much more data than one single site," the Leaked Source representative says.
The latest Friend Finder Networks breach would only be rivaled in sensitivity by the breach of Avid Life Media's Ashley Madison extramarital dating site, which exposed 36 million accounts, including customers' names, hashed passwords and partial credit card numbers (see Ashley Madison Slammed by Regulators).
The first clue that Friend Finder Networks might have another problem came in mid-October.
The person who found that flaw has gone by the nicknames 1x0123 and Revolver on Twitter, which has suspended the accounts.
CSOonline reported that the person posted a redacted image of a server and a database schema generated on Sept. In a statement supplied to ZDNet, Friend Finder Networks confirmed that it had received reports of potential security problems and undertook a review.