Adult friend finder username
The attack methodology deployed in this instance was not released, but it would be fair to assume that it leveraged a kind of SQL Injection attack or similar, where the information is wormed out of the back-end database through a flaw in the webserver.
Another possible mechanism could have been hijacking ssh keys from a compromised admin account or github, but those tend to be secondary in most cases.
Unlike Friend Finder Networks, Yahoo is a mainstream service.
In addition to launching an internal review, Friend Finder Networks has hired Mandiant, a high-profile cybersecurity company, to investigate the hack, and is working with the FBI.
Meanwhile, the person who originally dumped the information on the so-called darkweb, who uses the nickname ROR[RG}, is demanding more than £10,000 for access to the database of users, and capitalising on the news by marketing his cybercrime services.
The Adult Friend Finder data stretched back 20 years and included information such as usernames, emails, join dates and the date of a user’s last visit, according to Leaked Source.
Passwords were also included in the trove -- the vast majority of them featured unsecured protections or none at all, the report said.
The data gave not only usernames, postal codes and dates of birth, but also an indication of which users were seeking an extra-marital affair.