AFF/Penthouse has been hacked, 400 millions accounts, largest hack in 2016

  • Why
    MFBA
    • Mar 2003
    • 7230

    #1

    AFF/Penthouse has been hacked, 400 millions accounts, largest hack in 2016

    All customer data has been liberated, as per:
    https://www.leakedsource.com/blog/friendfinder

    400 million accounts, even 'closed' accounts are still in their database, and apparently the passwords were mostly stored insecurely.

    better go download them lists and get to mailing :x
  • Bladewire
    StraightBro
    • Aug 2003
    • 56228

    #2
    Wow! Thanks for the heads up


    Skype: CallTomNow

    Comment

    • Barry-xlovecam
      It's 42
      • Jun 2010
      • 18083

      #3
      The bigger issue are the emailers that 'save' your mail list -- their compromising hacks are rarely reported -- ever notice how you get sudden bursts of Spam emails?

      Comment

      • Brian mike
        #Alberta51
        • Oct 2014
        • 8735

        #4
        Thanks for the heads up
        Tube - Cam - Escorts - Top List
        Menu Tab - Banner - Header Link - Blog Post
        DM me

        Comment

        • Smack dat
          So Fucking Banned
          • Jul 2016
          • 4613

          #5
          Not surprised.

          Comment

          • Feng-PD
            www.PornDeals.com
            • Jul 2011
            • 3964

            #6
            how to get that list lol dont see it on the site!

            PornDeals.com - WebcamDeals.com - GayDeals.com - PornCoupons.com


            Skype : fengwu83
            Email : feng{atter}porndeals{dotter}com

            Comment

            • j3rkules
              VIP
              • Jul 2013
              • 22111

              #7
              Wow, it is really big...

              Comment

              • Why
                MFBA
                • Mar 2003
                • 7230

                #8
                Originally posted by Feng-PD
                how to get that list lol dont see it on the site!
                its in the wild, just have to know the right people or the right places to look.

                Comment

                • NemesisEnforcer
                  Confirmed User
                  • Aug 2003
                  • 2122

                  #9
                  Originally posted by Why
                  400 million accounts, even 'closed' accounts are still in their database, and apparently the passwords were mostly stored insecurely.
                  Nice piece of nugget
                  The Only Time When Success Comes Before Work Is In A Dictionary.

                  Did you ever notice: When you put the 2 words 'The' and 'IRS' together it spells 'Theirs.'

                  Comment

                  • NemesisEnforcer
                    Confirmed User
                    • Aug 2003
                    • 2122

                    #10
                    Originally posted by Feng-PD
                    how to get that list lol dont see it on the site!
                    Try the dark web.
                    The Only Time When Success Comes Before Work Is In A Dictionary.

                    Did you ever notice: When you put the 2 words 'The' and 'IRS' together it spells 'Theirs.'

                    Comment

                    • NewNick
                      Confirmed User
                      • Mar 2009
                      • 7229

                      #11
                      Old news.
                      "Americas Hitler" JD Vance.
                      “There isn’t really an upside to Trump.” Tucker Carlson.
                      “a convicted felon rapist is now your president” OneHungLow, gfy.com

                      Comment

                      • Why
                        MFBA
                        • Mar 2003
                        • 7230

                        #12
                        Originally posted by Barry-xlovecam
                        The bigger issue are the emailers that 'save' your mail list -- their compromising hacks are rarely reported -- ever notice how you get sudden bursts of Spam emails?
                        or they just sell the older ones for a cash infusion.

                        Comment

                        • Why
                          MFBA
                          • Mar 2003
                          • 7230

                          #13
                          Originally posted by NewNick
                          Old news.
                          not so much, this happened just a few weeks ago.

                          i think the old news you refer to was the last time they were hacked.

                          Comment

                          • Why
                            MFBA
                            • Mar 2003
                            • 7230

                            #14
                            the sad part to me is how inept AFFs tech talent appears to be. they were storing passwords in plain text and/or SHA1. its not hard to reverse SHA1 passwords, then take the whole lot and properly secure them.

                            anyone still doing this deserves any bad press they get.

                            Comment

                            • poncabare
                              Confirmed User
                              • Jul 2007
                              • 2552

                              #15
                              Uh oh...

                              Comment

                              • RyuLion
                                • Mar 2003
                                • 32369

                                #16
                                Originally posted by jerkules
                                Wow, it is really big...
                                That's what she said..

                                Adult Biz Consultant A tech head since 1995
                                Affiliate Support: Chaturbate | CCBill Live

                                Comment

                                • TeenCat
                                  Too lazy to set a koala
                                  • Jan 2007
                                  • 16139

                                  #17
                                  year ago they have been hacked and now year later they still have passwords in plain and nobody have found that someone is downloading whole db? that is not like you download whole db every day, and one of first things is to limit any db operations for ips 400millions is 39x times more than all people in my country, and they have security like that?

                                  6bot
                                  / Coming again very soon!
                                  Svit Zlin Radio 24/7!

                                  Comment

                                  • babeterminal
                                    Confirmed User
                                    • Jul 2010
                                    • 2751

                                    #18
                                    Originally posted by TeenCat
                                    year ago they have been hacked and now year later they still have passwords in plain and nobody have found that someone is downloading whole db? that is not like you download whole db every day, and one of first things is to limit any db operations for ips 400millions is 39x times more than all people in my country, and they have security like that?
                                    teencat is 6bot finished now, no update for nearly 2 years?

                                    password changed, on doing so there was some new tos i had to agree with before i could enter program, never read it anyone know the summary of the changes?
                                    *SIG SPOT SEND MESSAGE IF INTERESTED*

                                    Comment

                                    • HairyChick
                                      Slowly dying
                                      • Sep 2012
                                      • 3091

                                      #19
                                      Another story said iCams and cams.com were hit as well. Fifteen million accounts on AFF were old customers who didn't renew. One organization unencoded 99% of passwords. Hacked a year ago and then again. I'd not trust them with my info.
                                      *****************************************
                                      Anti-Semites have Small Penis Syndrome. The only known treatment is electroshock therapy combined with cerebellum removal. Fortunately, it’s a tiny procedure.
                                      *****************************************

                                      Comment

                                      • the Shemp
                                        congrats to the winners
                                        • Nov 2001
                                        • 10891

                                        #20
                                        I used to be on a 35% payout for life, but aff hacked me down to 20%...
                                        i use Vacares...so should you
                                        Submit your picture galleries to my site...Outlaw TGP

                                        Comment

                                        • freecartoonporn
                                          Confirmed User
                                          • Jan 2012
                                          • 7683

                                          #21
                                          400 mil emails wowza.
                                          SSD Cloud Server, VPS Server, Simple Cloud Hosting | DigitalOcean

                                          Comment

                                          • st0ned
                                            Confirmed User
                                            • Mar 2007
                                            • 8437

                                            #22
                                            Surprising that these individuals and/or groups even release the data unless they have already hit it and want to further hide themselves in the additional flood of emails.

                                            I guess it is for fame outside of that? They could make a killing with that many emails that's for sure.
                                            Conversion Sharks - 1,000+ adult dating offers, traffic management, and consistently high payouts.
                                            We will guarantee and beat your current EPC to win your dating traffic!
                                            Skype: ConversionSharks || Email: info /@/ conversionsharks.com

                                            Comment

                                            • NALEM
                                              Confirmed User
                                              • Nov 2010
                                              • 3163

                                              #23
                                              Originally posted by Why
                                              the sad part to me is how inept AFFs tech talent appears to be. they were storing passwords in plain text and/or SHA1. its not hard to reverse SHA1 passwords, then take the whole lot and properly secure them.

                                              anyone still doing this deserves any bad press they get.

                                              We use SHA512, not SHA1, to hash our passwords. It's still not ideal. Any of you cyber experts want to chime in and make some suggestions?
                                              "The time men spend in trying to impress others they could spend in doing the things by which others would be impressed."

                                              Comment

                                              • Barry-xlovecam
                                                It's 42
                                                • Jun 2010
                                                • 18083

                                                #24
                                                Use some variable, other than the user name, to salt the password before you hash it.

                                                Emails are a big problem. Not only are they of great marketing value -- email and user data is an extortion bonanza. If you value your businesses reputation and brand goodwill you need to actively secure this data.

                                                The email marketing is problematic. For a medium sized business, doing high volume mail outs, the Spam server rules create security gaps that you have to trust to others (mailers).

                                                The other point is network, database server and script security -- how did the hackers breach the system's security?

                                                Comment
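A worked illustration of the salting advice in #24 and the "take the whole lot and properly secure them" idea in #14, added here for the thread (not FriendFinder's, NALEM's or anyone's production code): unsalted SHA-512 produces identical records for identical passwords, a per-user random salt with a slow KDF does not, and legacy SHA-512 records can be upgraded in place without recovering a single password. The scrypt parameters, the record format and the sample users are assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed scrypt cost: 16 MiB of memory, tens of milliseconds per hash. Tune per hardware.
SCRYPT_N, SCRYPT_R, SCRYPT_P, SCRYPT_MAXMEM = 2 ** 14, 8, 1, 64 * 1024 * 1024


def _scrypt(secret: bytes, salt: bytes) -> bytes:
    return hashlib.scrypt(secret, salt=salt, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P,
                          maxmem=SCRYPT_MAXMEM, dklen=32)


def legacy_sha512(password: str) -> str:
    """The weak scheme discussed in the thread: one fast, unsalted hash per password."""
    return hashlib.sha512(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Store as 'scrypt$<salt hex>$<digest hex>' with a fresh random 16-byte salt."""
    if salt is None:
        salt = os.urandom(16)
    digest = _scrypt(password.encode("utf-8"), salt)
    return "scrypt$%s$%s" % (salt.hex(), digest.hex())


def wrap_legacy_hash(legacy_hex: str) -> str:
    """Upgrade a legacy record without knowing the password: feed the old SHA-512
    digest into salted scrypt. The stored value no longer equals any precomputable
    sha512(password); the record is replaced by hash_password() on next login."""
    salt = os.urandom(16)
    digest = _scrypt(bytes.fromhex(legacy_hex), salt)
    return "scrypt+sha512$%s$%s" % (salt.hex(), digest.hex())


def verify_password(password: str, stored: str) -> bool:
    """Constant-time verification for both record formats; malformed records fail."""
    try:
        scheme, salt_hex, digest_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:
        return False
    if scheme == "scrypt":
        secret = password.encode("utf-8")
    elif scheme == "scrypt+sha512":
        secret = bytes.fromhex(legacy_sha512(password))
    else:
        return False
    return hmac.compare_digest(_scrypt(secret, salt), expected)


def needs_rehash(stored: str) -> bool:
    """True for wrapped legacy records: call hash_password() after a successful login."""
    return not stored.startswith("scrypt$")


def duplicate_hash_ratio(stored_hashes) -> float:
    """Audit check: with per-user salts no two records share a hash. A noticeable
    ratio of duplicates means the store is unsalted or uses a constant salt."""
    hashes = list(stored_hashes)
    if not hashes:
        return 0.0
    return 1.0 - len(set(hashes)) / len(hashes)


def demo() -> dict:
    """Constructed sample users (not real accounts); returns the checks of interest."""
    users = {"alice": "123456", "bob": "123456", "carol": "correct horse"}
    legacy = {u: legacy_sha512(p) for u, p in users.items()}
    salted = {u: hash_password(p) for u, p in users.items()}
    wrapped = {u: wrap_legacy_hash(h) for u, h in legacy.items()}
    return {
        "legacy_duplicates": duplicate_hash_ratio(legacy.values()),  # alice == bob
        "salted_duplicates": duplicate_hash_ratio(salted.values()),  # 0.0
        "salted_ok": verify_password("123456", salted["alice"]),
        "salted_wrong": verify_password("letmein", salted["alice"]),
        "wrapped_ok": verify_password("correct horse", wrapped["carol"]),
        "wrapped_needs_rehash": needs_rehash(wrapped["carol"]),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print("%-22s %s" % (name, value))
```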

                                                • itx
                                                  Confirmed User
                                                  • Aug 2007
                                                  • 980

                                                  #25
                                                  If we are FFN affiliates we dont need spread this info, my .

                                                  Comment

                                                  • PornDiscounts-V
                                                    Confirmed User
                                                    • Oct 2003
                                                    • 5744

                                                    #26
                                                    First off... AFF has been hackable since the beginning. And many individuals and hacking groups have been having their way with them.

                                                    It is common knowledge in hacking back channels that it is very easy to signup as an affiliate, and then fake, crap traffic, then go into the database and find whales, now swap the affiliate id for your own. Now you too can live in mother Russia like a czar with all of your ill gotten gains.

                                                    I would posit that this is going on with almost all affiliate programs dealing with dating and cams.

                                                    Btw, doesn't matter if you lock down mysql by ip since the hacker has full control of a white listed box.
                                                    Blog Posts - Contextual Links - Hardlinks on 600+ Blog Network
                                                    * Handwritten * 180 C Class IPs * Permanent! * Many Niches! * Bulk Discounts! GFYPosts /at/ J2Media.net

                                                    Comment

                                                    • CAHEK
                                                      C.C.C.P.
                                                      • Aug 2003
                                                      • 7413

                                                      #27
                                                      400 million is huge base
                                                      Pharma from True-Meds. High converting shop in Europe and USA, fast payouts via BTC !!!

                                                      Make Europe Poor Again (MEPA)

                                                      Comment

                                                      • TeenCat
                                                        Too lazy to set a koala
                                                        • Jan 2007
                                                        • 16139

                                                        #28
                                                        Originally posted by st0ned
                                                        Surprising that these individuals and/or groups even release the data unless they have already hit it and want to further hide themselves in the additional flood of emails.

                                                        I guess it is for fame outside of that? They could make a killing with that many emails that's for sure.
                                                        it is easy, if you are original hacker, you will no release, if you are someone lucky and dumb, you will release, but mostly it is because the hole have been already filled, so no reason to keep the datas somewhere on local

                                                        6bot
                                                        / Coming again very soon!
                                                        Svit Zlin Radio 24/7!

                                                        Comment

                                                        • TeenCat
                                                          Too lazy to set a koala
                                                          • Jan 2007
                                                          • 16139

                                                          #29
                                                          Originally posted by vvvvv
                                                          Btw, doesn't matter if you lock down mysql by ip since the hacker has full control of a white listed box.
                                                          hm, not sure about this one, because if the db operations are active only for one or two ips, i mean ip of billing or script which is writing into the db, you cannot do anything except from those two ips, and if someone change the settings, then some warning systems have to be activated. but, i am not good in those redneck things but looks like aff security guys have also a bit to learn ... another thing is that every big target will always be under attack, so have luck everyone

                                                          6bot
                                                          / Coming again very soon!
                                                          Svit Zlin Radio 24/7!

                                                          Comment

                                                          • itx
                                                            Confirmed User
                                                            • Aug 2007
                                                            • 980

                                                            #30
                                                            If FFN is under attack we need this thing get unnoticed, we can as a Webmasters, they dont give a fuck if trump wins and they dont use it as excuse. We need be the MAFIA.

                                                            Comment

                                                            • TeenCat
                                                              Too lazy to set a koala
                                                              • Jan 2007
                                                              • 16139

                                                              #31
                                                              Originally posted by babeterminal
                                                              teencat is 6bot finished now, no update for nearly 2 years?

                                                              password changed, on doing so there was some new tos i had to agree with before i could enter program, never read it anyone know the summary of the changes?
                                                              yes man two years is a nice holidays, 6bot will be back at work very soon

                                                              6bot
                                                              / Coming again very soon!
                                                              Svit Zlin Radio 24/7!

                                                              Comment

                                                              • Adnium_Ivana
                                                                Confirmed User
                                                                • Jun 2016
                                                                • 1094

                                                                #32
                                                                It's approx 412 million user details (like passwords & account info) that have leaked. A) that is one massive and envy inducing user base and B) Any site with such a huge list needs top anti-hacking and anti-pirating security. I mean get more people on your Dev & Ops team and invest in top notch software, you've got the $$

                                                                Skype - ivana.gsmi
                                                                Email - [email protected]
                                                                [URL="https://adnium.com/ref/3168"]

                                                                Comment

                                                                • Brian mike
                                                                  #Alberta51
                                                                  • Oct 2014
                                                                  • 8735

                                                                  #33
                                                                  Originally posted by Adnium_Ivana
                                                                  you've got the $$
                                                                  Do they really have it or they get in the TINDER FREE APP storm too ?

                                                                  I heard from many client of the Dating world that; they all have lose big at the arrival of the type of Tinder FREE APP Models .

                                                                  Someone can put some intel on that ?
                                                                  Tube - Cam - Escorts - Top List
                                                                  Menu Tab - Banner - Header Link - Blog Post
                                                                  DM me

                                                                  Comment

                                                                  • Why
                                                                    MFBA
                                                                    • Mar 2003
                                                                    • 7230

                                                                    #34
                                                                    Originally posted by TeenCat
                                                                    hm, not sure about this one, because if the db operations are active only for one or two ips, i mean ip of billing or script which is writing into the db, you cannot do anything except from those two ips, and if someone change the settings, then some warning systems have to be activated. but, i am not good in those redneck things but looks like aff security guys have also a bit to learn ... another thing is that every big target will always be under attack, so have luck everyone
                                                                    his point was if you have access to the one of the servers owning the whitelisted IPs in the database server, there is no way to keep the data safe. Ip protecting your database when your code is insecure doesn't do much for you.

                                                                    Comment

                                                                    • TeenCat
                                                                      Too lazy to set a koala
                                                                      • Jan 2007
                                                                      • 16139

                                                                      #35
                                                                      Originally posted by Why
                                                                      his point was if you have access to the one of the servers owning the whitelisted IPs in the database server, there is no way to keep the data safe. Ip protecting your database when your code is insecure doesn't do much for you.
                                                                      ok man got it, thanks for the explanation

                                                                      6bot
                                                                      / Coming again very soon!
                                                                      Svit Zlin Radio 24/7!

                                                                      Comment

                                                                      • Adnium_Ivana
                                                                        Confirmed User
                                                                        • Jun 2016
                                                                        • 1094

                                                                        #36
                                                                        Originally posted by Brian mike
                                                                        Do they really have it or they get in the TINDER FREE APP storm too ?

                                                                        I heard from many client of the Dating world that; they all have lose big at the arrival of the type of Tinder FREE APP Models .

                                                                        Someone can put some intel on that ?
                                                                        If they've got servers to run and support 400 mill user base + plus traffic in the 100+ millions I'm assuming such a company has got the dough for security

                                                                        Skype - ivana.gsmi
                                                                        Email - [email protected]
                                                                        [URL="https://adnium.com/ref/3168"]

                                                                        Comment

                                                                        • romeo22
                                                                          你自己去他媽的
                                                                          • Mar 2008
                                                                          • 23350

                                                                          #37
                                                                          Wohoo nice !!!!

                                                                          Comment

                                                                          • rhon23
                                                                            Rebel Girl
                                                                            • Jun 2003
                                                                            • 3274

                                                                            #38
                                                                            In light of recent Friend Finder events we would like to share our statement from Penthouse.

                                                                            “Prior to February 19th, 2016 Penthouse was a subsidiary of FriendFinder Networks, Inc. and subject to their controls and procedures. As of the close of the sale, Penthouse now operates independent of FriendFinder Networks, Inc.
                                                                            We are aware of the data hack and we are waiting on FriendFinder to give us a detailed account of the scope of the breach and their remedial actions in regard to our data. Penthouse.com is a content site and does not collect data regarding our members sexual preferences. We take our members’ data and site security seriously. We assumed full control of Penthouse.com in May of 2016 and immediately adopted a blanket policy requiring all of our members to change their passcodes. At the time our members weren’t thrilled with the inconvenience but we remain committed to “best practices” in regard to keeping our members’ data secure.”

                                                                            Comment

                                                                            • Why
                                                                              MFBA
                                                                              • Mar 2003
                                                                              • 7230

                                                                              #39
                                                                              Originally posted by rhon23
                                                                              In light of recent Friend Finder events we would like to share our statement from Penthouse.

                                                                              “Prior to February 19th, 2016 Penthouse was a subsidiary of FriendFinder Networks, Inc. and subject to their controls and procedures. As of the close of the sale, Penthouse now operates independent of FriendFinder Networks, Inc.
                                                                              We are aware of the data hack and we are waiting on FriendFinder to give us a detailed account of the scope of the breach and their remedial actions in regard to our data. Penthouse.com is a content site and does not collect data regarding our members sexual preferences. We take our members’ data and site security seriously. We assumed full control of Penthouse.com in May of 2016 and immediately adopted a blanket policy requiring all of our members to change their passcodes. At the time our members weren’t thrilled with the inconvenience but we remain committed to “best practices” in regard to keeping our members’ data secure.”
                                                                              which begs the question, if the acquiring party noticed this huge issue with how passwords were being stored, why did AFF not, and/or why did they not fix at least that part of the situation long before this all happened?

                                                                              incompetence or apathy?

                                                                              Comment

                                                                              • rhon23
                                                                                Rebel Girl
                                                                                • Jun 2003
                                                                                • 3274

                                                                                #40
                                                                                Originally posted by Why
                                                                                which begs the question, if the acquiring party noticed this huge issue with how passwords were being stored, why did AFF not, and/or why did they not fix at least that part of the situation long before this all happened?

                                                                                incompetence or apathy?
                                                                                That is a friend finder question. We are now divorced from them.

                                                                                Comment

                                                                                • money biz
                                                                                  Confirmed User
                                                                                  • Jan 2003
                                                                                  • 1016

                                                                                  #41
                                                                                  I bet 65% are from api dating db's that didn't really sign up cough cough

                                                                                  Comment

                                                                                  • itx
                                                                                    Confirmed User
                                                                                    • Aug 2007
                                                                                    • 980

                                                                                    #42

                                                                                    Comment

                                                                                    • TheDA
                                                                                      Confirmed User
                                                                                      • May 2006
                                                                                      • 4665

                                                                                      #43
                                                                                      Sharleen Spiteri - 1989 - In The Ass

                                                                                      Comment

                                                                                      • Vendot
                                                                                        Confirmed User
                                                                                        • May 2002
                                                                                        • 3376

                                                                                        #44
                                                                                        Originally posted by Why
                                                                                        incompetence or apathy?
                                                                                        They look asleep at the wheel as anyone trying to get a response from affiliate support will tell you.
                                                                                        "In a Time of Universal Deceit, Telling the Truth is a Revolutionary Act." - George Orwell

                                                                                        Comment

                                                                                        • marcop
                                                                                          Confirmed User
                                                                                          • Nov 2005
                                                                                          • 4150

                                                                                          #45
                                                                                          Originally posted by Why
                                                                                          the sad part to me is how inept AFF's tech talent appears to be. they were storing passwords in plain text and/or SHA1. it's not hard to reverse SHA1 passwords, then take the whole lot and properly secure them.

                                                                                          anyone still doing this deserves any bad press they get.
                                                                                          This....

                                                                                          Comment
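The password-storage point in the quoted post (unsalted SHA-1 or plaintext, and the "take the whole lot and properly secure them" step) can be shown in working code. The block below is an added example, not code from the thread or from AFF/FriendFinder. It uses a constructed three-user table and a constructed wordlist, and the iteration count and the `pbkdf2-wrapped-sha1` scheme label are assumptions for the demo. It shows two things: why unsalted SHA-1 falls to a single dictionary pass across every user at once, and how a site can migrate its whole table to a salted PBKDF2 hash offline, without reversing anything, by wrapping the existing SHA-1 digest and then upgrading each record to a plain PBKDF2 hash the next time the user logs in.

```python
"""Added example: cracking an unsalted-SHA-1 password table, then migrating it
to salted PBKDF2 by wrapping the legacy digest. All data below is constructed."""
import hashlib
import hmac
import os

# Constructed legacy table: username -> unsalted SHA-1 hex digest, the storage
# scheme the thread describes.
LEGACY = {
    "alice": hashlib.sha1(b"password1").hexdigest(),
    "bob": hashlib.sha1(b"letmein").hexdigest(),
    "carol": hashlib.sha1(b"correct horse battery staple").hexdigest(),
}

# Constructed wordlist standing in for a real cracking dictionary.
WORDLIST = ["123456", "password1", "letmein", "qwerty"]

# Assumption for the demo; raise toward a production-grade count (hundreds of
# thousands for PBKDF2-HMAC-SHA256) on real systems.
PBKDF2_ITERATIONS = 100_000


def crack_unsalted_sha1(table, wordlist):
    """Why unsalted hashes fall fast: hash each candidate once and look it up
    against every user simultaneously. Cost is O(len(wordlist)), not
    O(len(wordlist) * users), because there is no per-user salt."""
    lookup = {hashlib.sha1(w.encode()).hexdigest(): w for w in wordlist}
    return {user: lookup[d] for user, d in table.items() if d in lookup}


def _pbkdf2(material, salt):
    return hashlib.pbkdf2_hmac("sha256", material, salt, PBKDF2_ITERATIONS)


def wrap_legacy(sha1_hex, salt=None):
    """Wrap the stored SHA-1 digest in salted PBKDF2. Runs offline over the
    whole table; no plaintext password is needed, so nothing is 'reversed'."""
    salt = salt or os.urandom(16)
    return {"scheme": "pbkdf2-wrapped-sha1", "salt": salt,
            "hash": _pbkdf2(sha1_hex.encode(), salt)}


def hash_fresh(password, salt=None):
    """Scheme for passwords seen in plaintext (signup, or a successful login)."""
    salt = salt or os.urandom(16)
    return {"scheme": "pbkdf2", "salt": salt,
            "hash": _pbkdf2(password.encode(), salt)}


def verify(record, password):
    """Verify against either scheme; constant-time compare on the digest."""
    if record["scheme"] == "pbkdf2-wrapped-sha1":
        inner = hashlib.sha1(password.encode()).hexdigest().encode()
    else:
        inner = password.encode()
    return hmac.compare_digest(_pbkdf2(inner, record["salt"]), record["hash"])


def login(store, user, password):
    """Verify and, on success, upgrade a wrapped record to plain PBKDF2 now
    that the plaintext is in hand. Returns True on successful login."""
    record = store.get(user)
    if record is None or not verify(record, password):
        return False
    if record["scheme"] == "pbkdf2-wrapped-sha1":
        store[user] = hash_fresh(password)
    return True


def migrate(table):
    """One-shot offline migration of the whole legacy table."""
    return {user: wrap_legacy(digest) for user, digest in table.items()}


if __name__ == "__main__":
    print("cracked:", crack_unsalted_sha1(LEGACY, WORDLIST))
    store = migrate(LEGACY)
    print("alice before login:", store["alice"]["scheme"])
    login(store, "alice", "password1")
    print("alice after login:", store["alice"]["scheme"])
```

The wrapped form is what lets a site fix the "whole lot" in one batch job without waiting for users; the per-login upgrade then retires the SHA-1 layer over time. A leaked table of wrapped records is no longer a single dictionary pass, since each record carries its own salt and a full PBKDF2 cost.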

                                                                                          • PornDiscounts-V
                                                                                            Confirmed User
                                                                                            • Oct 2003
                                                                                            • 5744

                                                                                            #46
                                                                                            Originally posted by TeenCat
                                                                                            hm, not sure about this one, because if the db operations are active only for one or two ips, i mean the ip of billing or the script which is writing into the db, you cannot do anything except from those two ips, and if someone changes the settings, then some warning systems have to be activated. but, i am not good in those redneck things but looks like aff security guys have also a bit to learn ... another thing is that every big target will always be under attack, so good luck everyone
                                                                                            True, except that you cannot process anything directly in your own database? You always have to use some billing tool to do it? Not!
                                                                                            Blog Posts - Contextual Links - Hardlinks on 600+ Blog Network
                                                                                            * Handwritten * 180 C Class IPs * Permanent! * Many Niches! * Bulk Discounts! GFYPosts /at/ J2Media.net

                                                                                            Comment

                                                                                            • JFK
                                                                                              FUBAR the ORIGINATOR
                                                                                              • Jan 2002
                                                                                              • 67373

                                                                                              #47
                                                                                              Originally posted by RyuLion
                                                                                              That's what she said..
                                                                                              You wish !

                                                                                              FUBAR Webmasters - The FUBAR Times - FUBAR Webmasters Mobile - FUBARTV.XXX
                                                                                              For promo opps contact jfk at fubarwebmasters dot com

                                                                                              Comment

                                                                                              • romeo22
                                                                                                Go fuck yourself
                                                                                                • Mar 2008
                                                                                                • 23350

                                                                                                #48
                                                                                                Me gusta much

                                                                                                Comment
