Hook-up and dating site Adult FriendFinder has a serious database vulnerability that could reveal usernames, passwords and other information, it has been claimed.
The suggestion of a security flaw first came from self-styled “underground researcher” 1×0123 on Tuesday night, who posted on Twitter a screen grab that suggested Adult FriendFinder has a Local File Inclusion (LFI) vulnerability.
Researcher 1×0123 wrote: “F**kload of databases with same user/password + runing as root”.
Later he or she tweeted: “No reply from #adulfriendfinder.. time to get some sleep they will call it hoax again and i will f**king leak everything”.
While there is currently no suggestion of a public data leak, the situation could prove very serious for the company if it is real; a leak would expose vulnerable data that is both highly personal and potentially embarassing.
Our sister site, IT PRO, has contacted FriendFinder Networks for a response to 1×0123’s allegations, but has not received a response at the time of publication.
The scenario is highly reminiscent of the Ashley Madison hack last year. During that data breach, the details of around 37 million users worldwide were compromised, with a number of people’s usernames, login details and other credentials were posted online in protest at parent company Avid Life Media’s account deletion process, which people paid for but failed to deliver on its promises.
Disclaimer: Some pages on this site may include an affiliate link. This does not effect our editorial in any way.
