Charles Leaver – Adult Friend Finder Preventable By Using Better Endpoint Security

Written By Chuck McAuley And Presented By Charles Leaver Ziften CEO

Endpoint Security Is The Very Best Friend For Adult Friend Finder

Adult Friend Finder, an online “dating service” and its affiliates were hacked in April. The breached info included credit card numbers, usernames, passwords, birth dates, address details and personal – you know – choices. What’s often not highlighted in these cases is the monetary worth of such a breach. Numerous would argue that having an email address and the associated data might be of little worth. Nevertheless, the same way metadata collection provides insight to the NSA, this type of info provides attackers with lots of leverage that can be utilized against the public. Spear phishing ends up being a lot much easier when opponents not only have an e-mail address, but also location, language, and race. The source IP addresses collected can even offer exact street locations for cyber attacks.

The attack method released in this instance was not released, however it would be reasonable to presume that it leveraged a kind of SQL Injection attack or comparable, where the info is wormed out of the back-end database through a defect in the web server. Another possible methodology might have been hijacking ssh keys from a jeopardized admin account or github, however those tend to be secondary most of the time. In either case, the database dump itself is 570 Mb, and presuming the data was exfiltrated in a couple of big transactions, it would have been very obvious on a network level. That is, if Adult Friend Finder were utilizing a service that offered visibility into network traffic.

Ziften ZFlow ™ makes it possible for network visibility into the cloud to catch aberrant data transfers and attribute to particular executing procedures. In this case, the administrator would have had two chances to discover the problem: 1) At the database level, as the data was extracted. 2) At the web server level, where an abnormal amount of traffic would be sent out to a specific address. Organizations like Adult Friend Finder should gain the necessary endpoint and network visibility required to protect their customers’ individual data and “hook up” with a business like Ziften.