Adult Friend Finder Needs to Find a Friend in Endpoint Security
Adult Friend Finder, an online “dating service,” and its affiliates were hacked in April. The leaked information included credit card numbers, usernames, passwords, birth dates, physical addresses and personal — you know — preferences. What’s often not highlighted in these cases is the monetary value of such a breach. Many would argue that an email address and its associated data are of little value. However, much the same way metadata collection provides insight to the NSA, this type of information gives attackers plenty of leverage that can be used against the public. Spear phishing becomes a lot easier when attackers have not only an email address, but also location, language, and race. The source IP addresses collected can even provide pinpoint street locations for attacks.
The attack methodology used in this instance was not released, but it would be fair to assume that it leveraged a SQL injection attack or something similar, where the information is wormed out of the back-end database through a flaw in the webserver. Another possible mechanism could have been hijacking SSH keys from a compromised admin account or GitHub, but those tend to be secondary in most cases. Either way, the database dump itself is 570 megabytes, and assuming the data was exfiltrated in a few large transactions, it would have been very noticeable at the network level. That is, if Adult Friend Finder were using a solution that provided visibility into network traffic.
Ziften ZFlow™ enables network visibility into the cloud to catch aberrant data transfers and attribute them to specific executing processes. In this case, the administrator would have had two opportunities to notice the abnormality: 1) At the database level, as the data was extracted. 2) At the webserver level, where an abnormal amount of traffic would be sent to a specific address. Organizations like Adult Friend Finder should gain the endpoint and network visibility needed to protect their customers’ personal data and “hook up” with a company like Ziften.
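The two detection points described above can be sketched as a volume check over process-attributed flow records. This is an added example, not Ziften's code or anything from the incident; the hostnames, addresses, record layout, and thresholds (`k`, `floor`) are assumptions chosen for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed flow records, not real data: (hour, host, process, destination, bytes_out).
# Hours 0-2 form the baseline; hour 3 is the window under review.
FLOWS = [
    (0, "web01", "nginx", "198.51.100.10", 180_000),
    (0, "web01", "nginx", "198.51.100.11", 240_000),
    (1, "web01", "nginx", "198.51.100.10", 210_000),
    (1, "web01", "nginx", "198.51.100.12", 150_000),
    (2, "web01", "nginx", "198.51.100.11", 300_000),
    (2, "web01", "nginx", "198.51.100.13", 190_000),
    (0, "db01", "mysqld", "10.0.0.5", 2_100_000),
    (1, "db01", "mysqld", "10.0.0.5", 2_600_000),
    (2, "db01", "mysqld", "10.0.0.5", 2_300_000),
    (3, "web01", "nginx", "198.51.100.10", 200_000),
    (3, "web01", "nginx", "203.0.113.77", 285_000_000),
    (3, "web01", "nginx", "203.0.113.77", 285_000_000),
    (3, "db01", "mysqld", "10.0.0.5", 285_000_000),
    (3, "db01", "mysqld", "10.0.0.5", 287_000_000),
]

def find_anomalies(flows, review_hour, k=10, floor=1_000_000):
    """Flag (host, process, destination) totals far above that process's baseline."""
    totals = defaultdict(int)
    for hour, host, proc, dst, nbytes in flows:
        totals[(hour, host, proc, dst)] += nbytes
    baseline, current = defaultdict(list), {}
    for (hour, host, proc, dst), nbytes in totals.items():
        if hour < review_hour:
            baseline[(host, proc)].append(nbytes)
        elif hour == review_hour:
            current[(host, proc, dst)] = nbytes
    alerts = []
    for (host, proc, dst), nbytes in sorted(current.items()):
        hist = baseline.get((host, proc), [])
        threshold = floor  # with no history, only the absolute floor applies
        if hist:
            med = median(hist)
            mad = median([abs(x - med) for x in hist])  # robust spread
            threshold = max(floor, med + k * mad)
        if nbytes > threshold:
            alerts.append((host, proc, dst, nbytes))
    return alerts

if __name__ == "__main__":
    for host, proc, dst, nbytes in find_anomalies(FLOWS, review_hour=3):
        print(f"{host} {proc} -> {dst}: {nbytes / 1e6:.0f} MB outbound")
```

The database host alerts even though its destination is a familiar internal peer, because the comparison is against the process's own hourly history rather than a list of known addresses.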