Passwords easy to crack
Although most of the passwords were hashed with SHA-1, such hashes are easily cracked. According to LeakedSource, 103,070,536 AdultFriendFinder passwords were stored in plain text, while 232,137,460 were hashed with SHA-1, and LeakedSource estimated that 99.3% of all passwords from this website had been cracked.
The hacked data once again shows that most people use simple, easy-to-guess passwords, with the six most common passwords being 123456, followed by 12345, 123456789, 12345678 and 1234567890. The next most common passwords used for these adult sites were: password, qwerty and qwertyuiop.
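The following Python sketch is an added example, not code from the article or from LeakedSource. It shows why unsalted SHA-1 gives so little protection to the common passwords listed above, next to a salted, stretched alternative that rejects those passwords at registration. The function names, the PBKDF2 iteration count and the sample accounts are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# The common passwords named in the article, used as a registration blocklist.
BLOCKLIST = {"123456", "12345", "123456789", "12345678", "1234567890",
             "password", "qwerty", "qwertyuiop"}
ITERATIONS = 600_000  # assumed PBKDF2 work factor; tune to your hardware
SALT_LEN = 16

def sha1_unsalted(password: str) -> str:
    """The weak scheme: one fast, unsalted SHA-1 pass."""
    return hashlib.sha1(password.encode()).hexdigest()

def accounts_with_blocklisted_password(stored: dict) -> list:
    """Audit a legacy table of unsalted SHA-1 hashes against the blocklist.
    One hash per blocklist entry covers every account, because equal
    passwords always produce equal unsalted hashes."""
    known = {sha1_unsalted(p) for p in BLOCKLIST}
    return sorted(user for user, digest in stored.items() if digest in known)

def hash_password(password: str) -> bytes:
    """Hardened storage: reject blocklisted passwords, then salt and stretch."""
    if password.lower() in BLOCKLIST:
        raise ValueError("password is on the common-password blocklist")
    salt = os.urandom(SALT_LEN)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt + key

def verify_password(password: str, record: bytes) -> bool:
    """Recompute the stretched key with the stored salt, compare in constant time."""
    salt, expected = record[:SALT_LEN], record[SALT_LEN:]
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(key, expected)

# Constructed sample data, not taken from the breach.
LEGACY = {"alice": sha1_unsalted("123456"),
          "bob": sha1_unsalted("123456"),
          "carol": sha1_unsalted("violet-anchor-thermos-91")}

if __name__ == "__main__":
    print(accounts_with_blocklisted_password(LEGACY))
    a = hash_password("violet-anchor-thermos-91")
    b = hash_password("violet-anchor-thermos-91")
    print(a != b, verify_password("violet-anchor-thermos-91", a))
```

With a per-user salt, two accounts that share a password no longer share a stored value, and the iteration count makes each guess far more expensive than a single SHA-1 call.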
The emails registered on the sites include 5,650 from .gov domains and 78,301 from .mil domains, but the most common domain is Hotmail.com, followed by Yahoo.com and Gmail.com.
The most common languages are English (248,986,884), Spanish (63,602,761), Portuguese (29,827,490), French (23,313,262) and Chinese (10,384,967).
FriendFinder Networks has neither confirmed nor denied the breach, but in a statement said it had received a number of reports regarding potential security vulnerabilities from a variety of sources.
“Immediately upon learning this information, we took several steps to review the situation and bring in the right external partners to support our investigation,” said Diana Ballou, FriendFinder senior counsel, in a statement.
“While a number of these claims [about security vulnerabilities] proved to be false extortion attempts, we did identify and fix a vulnerability that was related to the ability to access source code through an injection vulnerability,” she said.
The only way to shore up defences is by getting the basics right, from implementing the correct procedures, to managing critical assets through a proactive and integrated approach, according to Peter Martin, managing director at security management firm RelianceACSN.
“It doesn’t matter what industry you are in. Company directors and managers are legally accountable for people’s personal data,” he said.
Businesses need to professionalise their operations data security, said Martin. “To do this they need trained experts and engineers, not well-meaning but overworked internal staff doing their best. That approach is no longer good enough. Until organisations have got the basics right, we’ll continue to see breaches like this happening on a daily basis,” he warned.