Daily Archives: January 13, 2016

Charles Leaver – Data Leak At Adult Friend Finder Preventable With Ziften Endpoint Security

Written By Chuck McAuley And Presented By Charles Leaver Ziften CEO

Endpoint Security Is The Best Friend For Adult Friend Finder

Adult Friend Finder, an online “dating service”, and its affiliates were hacked in April. The breached information included charge card numbers, usernames, passwords, dates of birth, address details and personal – you understand – preferences. What is often not highlighted in these cases is the monetary value of such a breach. Many would argue that an email address and its associated data are of little value. However, much as metadata collection provides insight to the NSA, this kind of information gives attackers plenty of leverage that can be used against the general public. Spear phishing becomes a lot easier when attackers have not only an email address but also location, language, and race. The source IP addresses collected can even provide pinpoint street locations for attacks.

The attack method used in this instance was not publicized, but it would be fair to assume that it leveraged some form of SQL injection or a similar attack, where the data is wormed out of the back-end database through a flaw in the webserver. Another possible mechanism could have been stealing SSH keys from a compromised admin account or GitHub, but those tend to be secondary for the most part. Either way, the database dump itself is 570 Mb, and assuming the data was exfiltrated in a few large transactions, it would have been very visible at the network level. That is, if Adult Friend Finder had been using a solution that offered visibility into network traffic.

Ziften ZFlow™ enables network visibility into the cloud to catch aberrant data transfers and attribute them to particular executing processes. In this case, the administrator would have had two opportunities to notice the anomaly: 1) at the database level, as the data was extracted; 2) at the webserver level, where an unusual amount of traffic would be sent to a particular address. Organizations like Adult Friend Finder must acquire the endpoint and network visibility required to secure their customers’ personal data and “hook up” with a company like Ziften.
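
The two observation points described above can be sketched as a volume check over per-process flow records. This is an added example, not Ziften's code or ZFlow's data format: the record layout, host and process names, addresses, and the `factor` and `floor` thresholds are all assumptions, and the sample flows are constructed.

```python
from collections import defaultdict
from statistics import median

# Constructed flow records: (host, process, destination IP, bytes sent).
# Hosts, processes and addresses are hypothetical, not from the incident.
BASELINE = [
    ("web01", "nginx", "198.51.100.10", 420_000),
    ("web01", "nginx", "198.51.100.11", 380_000),
    ("web01", "nginx", "198.51.100.12", 510_000),
    ("web01", "nginx", "198.51.100.13", 450_000),
    ("db01", "mysqld", "10.0.0.5", 2_000_000),
    ("db01", "mysqld", "10.0.0.6", 1_800_000),
]
CURRENT = [
    ("web01", "nginx", "198.51.100.10", 400_000),
    # Three large transfers to one address, sized to mirror the dump.
    ("web01", "nginx", "203.0.113.77", 190_000_000),
    ("web01", "nginx", "203.0.113.77", 190_000_000),
    ("web01", "nginx", "203.0.113.77", 190_000_000),
    ("db01", "mysqld", "10.0.0.5", 570_000_000),   # database -> webserver
    ("db01", "mysqld", "10.0.0.6", 12_000_000),    # busy, but within range
]

def per_destination(flows):
    """Sum bytes sent, grouped as (host, process) -> {destination: total}."""
    totals = defaultdict(lambda: defaultdict(int))
    for host, proc, dst, sent in flows:
        totals[(host, proc)][dst] += sent
    return totals

def find_outliers(baseline, current, factor=10, floor=5_000_000):
    """Return (host, process, dst, bytes) where the current volume exceeds
    max(floor, factor * median per-destination volume in the baseline)."""
    base = per_destination(baseline)
    hits = []
    for key, dests in per_destination(current).items():
        # A process with no history gets a baseline of 0, so only floor applies.
        typical = median(base[key].values()) if key in base else 0
        limit = max(floor, factor * typical)
        for dst, total in dests.items():
            if total > limit:
                hits.append((*key, dst, total))
    return sorted(hits)

if __name__ == "__main__":
    for host, proc, dst, total in find_outliers(BASELINE, CURRENT):
        print(f"{host} {proc} -> {dst}: {total / 1e6:.0f} MB outbound")
```

Both the database-level and webserver-level transfers are flagged, each attributed to the process that sent the data, while the 12 MB database flow stays under its process-specific limit.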