
3 AdultFriendFinder security improvements made after the 2016 data breach


Every major online dating service has been targeted by malicious hackers looking to access private information, but few attacks have been as severe, as pervasive, or as publicly damaging as the data breach attack on AdultFriendFinder in October 2016.

The attack exposed the records of more than 360 million users, and not just from AdultFriendFinder itself but sister sites across the popular FriendFinder network. To this day, it is still one of the largest database breaches ever recorded, leaking the email addresses, usernames, passwords, sexual orientations, and even spoken languages of millions of people across more than two decades of AFF history.

Worse still, it exposed some downright shoddy security practices, which included using SHA-1 cryptographic hashing, already more than a decade out of date by the time of the breach, and storing account passwords in plain text. It was an embarrassing moment for the company.

Thankfully, FriendFinder Networks took this breach very seriously indeed, and dramatically stepped up its security practices and protocols. Here are three major changes they made to help protect future users:

AFF overhauled their database security

Think of a website's database as a kind of bank vault. It's where all the most valuable stuff is stashed. And thieves would love to get their hands on it all. In 2016, prior to the attack, AdultFriendFinder had the equivalent of a single-lock safe: it looked secure and intimidating, but malicious actors had long ago figured out how to crack the code and get their hands on the loot. 

Now, AFF uses much stronger password-storage practices to bolster security, including a technique called "salted hashing": each password is combined with a unique, random string of characters (known as the salt) and then passed through a one-way hash function, so two accounts with the same password no longer produce the same stored value. It's a sophisticated way of ensuring that even accounts using identical passwords across different sites (looking at you, people who use "password" for your password) aren't all vulnerable during a breach.

AFF hired outside security experts

The ugly truth is that companies can't go it alone in the battle for cybersecurity. In-house security teams, as smart and hardworking as they may be, just don't stand a chance against an army of hackers and malicious actors. These scammers work 24/7 to access your valuable data and are always evolving and finding new ways through. 

The 2016 data breach humbled AFF enough to recognize this fact, and they've been contracting outside cybersecurity help ever since, including help from Google subsidiary Mandiant. These cybersecurity firms don't just examine the potential vulnerabilities in your code — they also look at corporate structure and employee practices to evaluate potential weaknesses.

Forced password resets

Not all cybersecurity vulnerabilities are the fault (or exclusive fault) of the website. Sometimes, users' laziness can be a major vulnerability — in other words, using the same passwords year after year and assuming that's OK. Beefing up AFF's security has involved forced password resets, so you can't just use the same password all the time.

This is now basically standard operating procedure across the internet: once every six months or once a year, you'll be asked to choose a new password. AFF has formalized this approach to help secure against password vulnerabilities it can't control, such as leaks on other dating sites. (Be honest: how many of you use the same password across multiple sites? It doesn't take much for a hacker to apply a leaked password from one site to a whole bunch of other sites.) This also limits the damage from malware such as keyloggers, since a captured password stops working at the next reset.

Later this year, exactly one decade will have elapsed since AdultFriendFinder's last security breach. Say what you will about their past mistakes — a full decade of cybersecurity success is an achievement, and modern users of the site should be grateful that AFF has stepped up their game in such a big way.



from Mashable https://ift.tt/kKW8pPE
via IFTTT
