The organisation that runs AdultFriendFinder and additional pornographic websites suffered a hack; 412 million accounts were compromised.
The inadequate security procedures of the organisation allowed for the cracking of almost all account passwords. In the hack, deleted accounts were also discovered.
It was discovered that an attacker remotely might execute malicious code on the target web server by taking advantage of the AdultFriendFinder website's vulnerability.
Email addresses, usernames, passwords, site membership information, the IP address most recently used to log in, and the date of the most recent visit are among the stolen data, according to a review of the databases on the three biggest websites.
Source: https://securityaffairs.com/53387/data-breach/adultfriendfinder-data-breach-2016.html
TPRM report: https://scoringcyber.rankiteo.com/company/friendfinder-networks-inc-
"id": "fri22551123",
"linkid": "friendfinder-networks-inc-",
"type": "Breach",
"date": "11/2016",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'customers_affected': 412000000,
'industry': 'Adult Entertainment',
'name': 'AdultFriendFinder',
'type': 'Organization'}],
'attack_vector': 'Remote Code Execution',
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': 412000000,
'personally_identifiable_information': ['Email addresses',
'Usernames',
'IP addresses'],
'type_of_data_compromised': ['Email addresses',
'Usernames',
'Passwords',
'Site membership information',
'IP addresses',
'Date of the most recent visit']},
'description': 'The organisation that runs AdultFriendFinder and additional '
'pornographic websites suffered a hack; 412 million accounts '
'were compromised. The inadequate security procedures of the '
'organisation allowed for the cracking of almost all account '
'passwords. In the hack, deleted accounts were also '
'discovered. It was discovered that an attacker remotely might '
'execute malicious code on the target web server by taking '
"advantage of the AdultFriendFinder website's vulnerability. "
'Email addresses, usernames, passwords, site membership '
'information, the IP address most recently used to log in, and '
'the date of the most recent visit are among the stolen data, '
'according to a review of the databases on the three biggest '
'websites.',
'impact': {'data_compromised': ['Email addresses',
'Usernames',
'Passwords',
'Site membership information',
'IP addresses',
'Date of the most recent visit'],
'systems_affected': ['Web server']},
'post_incident_analysis': {'root_causes': ['Inadequate security procedures',
'Web server vulnerability']},
'title': 'AdultFriendFinder Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Web server vulnerability'}