However, much the same way metadata collection provides insight to the NSA, this type of information provides attackers with plenty of leverage that can be used against the public.Spear phishing becomes a lot easier when attackers not only have an email address, but also location, language, and race.Cross dressing, exhibitionism, swinging, BDSM, virtual relationships, group sex… They’re one of the first ‘adult’ dating sites out created and still remain one of the largest.
Plus, I’ve learned a few tips and tricks with the service over the years, ones that have helped me meet someone without paying a penny. AFF is the adult dating site you want to subscribe to.Immediately upon learning this information, we took several steps to review the situation and bring in the right external partners to support our investigation," said Diana Ballou, vice president and senior counsel, in an email on Friday."While a number of these claims proved to be false extortion attempts, we did identify and fix a vulnerability that was related to the ability to access source code through an injection vulnerability," she said."Friend Finder takes the security of its customer information seriously and will provide further updates as our investigation continues," she added.When pressed on details, Ballou declined to comment further.In this case, the administrator would have had two opportunities to notice the abnormality: 1) At the database level, as the data was extracted.2) At the webserver level, where an abnormal amount of traffic would be sent to a specific address.But why Friend Finder Networks has held onto millions of accounts belonging to customers is a mystery, given that the site was sold to Penthouse Global Media in February."We are aware of the data hack and we are waiting on Friend Finder to give us a detailed account of the scope of the breach and their remedial actions in regard to our data," said Kelly Holland, the site's chief executive, in an email on Saturday.Holland confirmed that the site "does not collect data regarding our members' sexual preferences."Leaked Source said breaking with usual tradition because of the kind of breach, it will not make the data searchable.), you’ve got a fresh, new feel to an age-old pursuit: sex. Yes, AFF now offers their users the opportunity to control a remote sex device (usually a dildo, thus the name) in another user’s possession.Virtual sex takes on a whole new meaning now, doesn’t it?The source IP addresses collected can even provide pinpoint street locations for attacks.The attack methodology deployed in this instance was not released, but it would be fair to assume that it leveraged a kind of SQL Injection attack or similar, where the information is wormed out of the back-end database through a flaw in the webserver.