The attack exposed the records of more than 360 million users, and not just from AdultFriendFinder, but also from sister sites of the popular FriendFinder network. To date, this remains one of the largest database breaches ever recorded, leaking the email addresses, usernames, passwords, sexual orientations and even spoken languages of millions of people spanning over two decades of AFF history.
Worse, it exposed some extremely poor security practices, including using SHA-1 cryptographic hashing, which was over a decade old by the time of the breach, and storing account passwords in plain text. This was an embarrassing moment for the company.
Thankfully, FriendFinder Networks took this breach very seriously indeed, and dramatically improved their security practices and protocols. Here are three major changes they’ve made to help protect future users:
AFF overhauls its database security
Think of a website’s database as a type of bank vault. This is where all the most valuable things are kept hidden. And thieves would love to get their hands on all this. In 2016, before the attack, AdultFriendFinder had the equivalent of a single-lock safe: It looked secure and intimidating, but malicious actors had long ago figured out how to crack the code and get their hands on the loot.
Now, AFF uses the latest in encryption technology to strengthen security, including a technique called “salted hashing” in which each password is combined with a unique, random string of characters (known as a salt) and then passed through a one-way hash function. This is a sophisticated way of making sure that accounts that use the same password on different sites (looking at you, people who use “password” as your password) aren’t also vulnerable during a breach.
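The difference between the unsalted SHA-1 storage described earlier and salted hashing can be shown in a few lines. This is an added example, not AdultFriendFinder's code: the article does not say which hash function AFF uses, so PBKDF2-HMAC-SHA256, the iteration count, the record format and the sample accounts are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from collections import Counter

ITERATIONS = 600_000  # assumed PBKDF2 work factor, not a figure from the article
USERS = {"alice": "password", "bob": "password", "carol": "tr0ub4dor&3"}  # constructed


def legacy_sha1(password: str) -> str:
    """Unsalted SHA-1: equal passwords always produce equal stored values."""
    return hashlib.sha1(password.encode()).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Salted hash stored as algorithm$iterations$salt$digest."""
    salt = secrets.token_bytes(16)  # fresh random salt for every account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt; compare in constant time; fail closed."""
    try:
        algorithm, iterations, salt_hex, digest_hex = record.split("$")
        if algorithm != "pbkdf2_sha256":
            return False
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
        )
        expected = bytes.fromhex(digest_hex)
    except (ValueError, OverflowError):
        return False  # malformed record
    return hmac.compare_digest(candidate, expected)


def accounts_sharing_a_hash(stored: dict) -> int:
    """Accounts an attacker unlocks in bulk by cracking one stored value."""
    counts = Counter(stored.values())
    return sum(n for n in counts.values() if n > 1)


def compare_schemes(iterations: int = ITERATIONS) -> tuple:
    """Return (shared under unsalted SHA-1, shared under salted hashing)."""
    legacy = {user: legacy_sha1(pw) for user, pw in USERS.items()}
    salted = {user: hash_password(pw, iterations) for user, pw in USERS.items()}
    return accounts_sharing_a_hash(legacy), accounts_sharing_a_hash(salted)
```

With the constructed accounts, the two users who chose the same password share one stored value under unsalted SHA-1, while under salted hashing every stored record is distinct even though the passwords are identical.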
AFF appoints external security experts
The bitter truth is that companies cannot fight alone in the cyber security battle. In-house security teams, no matter how smart and hard-working, are no match for an army of hackers and malicious actors. These scammers work 24/7 and are always evolving and finding new ways to access your valuable data.
The 2016 data breach humbled AFF enough to recognize this fact, and they have since been contracting for cybersecurity assistance, including help from Google subsidiary Mandiant. These cybersecurity companies not only check for potential weaknesses in a company’s code – they also look at corporate structure and employee practices to evaluate potential vulnerabilities.
Forced password reset
Not all cybersecurity vulnerabilities are the website’s fault (or its fault specifically). Sometimes, users’ laziness can be a major weakness – in other words, using the same password year after year and assuming it’s fine. AFF’s tightened security includes forced password resets, so you can’t keep using the same password indefinitely.
This is now basically standard operating procedure on the Internet: once every six months or once a year, you’ll be asked to choose a new password. AFF has formalized this approach to help protect against password vulnerabilities it cannot control, such as leaks on other dating sites. (Be honest: how many of you use the same password on multiple sites? It doesn’t take much for a hacker to apply a leaked password from one site to other sites). It also protects against hardware malware like keyloggers.
At the end of this year, it will be exactly a decade since AdultFriendFinder’s last security breach. Say what you will about their past mistakes – a full decade of success in cybersecurity is an accomplishment, and modern users of the site should be grateful that AFF has stepped up its game in such a big way.