Sexual secrets revealed in massive hack
Security break into 300 million accounts sparks new warning on simple passwords
The sexual secrets of more than 300 million people around the world have been uncovered by a hack into one of the biggest providers of adults-only services, Friendfinder Network.com.
The hack, which was carried out anonymously and whose data was released to LeakedSource, was possible because of poor security and weak and unencrypted user passwords.
Hackers gained access to users’ e-mails and passwords and, with that, access to much of their personal information.
Sites that were hacked include AdultFriendfinder, tripshow, iCams.com and penthouse.com.
“The leak represents 20 years of customer data,” LeakedSource said, making it “by far the largest breach we have ever seen”.
HypertextMedia editor Adam Oxford said LeakedSource had taken an ethical decision not to dump the data for criminals to mine or use for blackmail.
But it had allowed some news organisations to verify some data to ensure the hack was genuine.
“LeakedSource have warned users of the security breach without making data public, unlike the case of Ashley Madison,” Oxford said.
The hacked sites are global and could have had South African customers, although adultfriendfinder.com did not appear to be very popular in the country, Oxford said.
LeakedSource said many of the passwords were in plain text, which Oxford said was the most shocking part.
Also, some encrypted passwords had such a low level of security they were easy to break.
Oxford warned that once hackers had people’s passwords, they could often access their e-mail, as people used the same password.
“Hackers can quietly access e-mail for months. This is more dangerous than losing bank details.
“Banks are very likely to detect fraudulent activity but once a person has your e-mail password, it is dangerous, making it easy to reset banking and other passwords more subtly.”
Users also used simple passwords that hackers could have guessed.
The top three passwords were 1234567890, 123456789 and 12345678.
The seventh most popular password was “password”.
Meanwhile, Werksmans business investigations head Bernard Hotz said hackers were not stupid and would hit people where they were vulnerable.
“Most people don’t want to stand on a platform and say: ‘I was watching pornography six hours a night.’”
Hotz warned legitimate companies that it was not a case of if they were being hacked, but when.