Better Endpoint Security Would Have Stopped Adult Friend Finder Data Breach – Charles Leaver

Written By Chuck McAuley And Presented By Charles Leaver Ziften CEO

Endpoint Security Is The Best Friend For Adult Friend Finder

Adult Friend Finder, an online “dating service”, and its affiliates were hacked in April. The leaked information included credit card numbers, usernames, passwords, dates of birth, physical addresses and personal – you know – preferences. What is typically not highlighted in these cases is the financial value of such a breach. Many would argue that an email address and its associated data are of little worth. Nevertheless, in the same way that metadata collection offers insight to the NSA, this type of information gives attackers plenty of leverage that can be used against the general public. Spear phishing becomes a lot easier when attackers have not just an email address but also location, language, and race. The source IP addresses gathered can even supply exact street locations for attacks.

The attack methodology used in this case was not publicized, but it would be fair to presume that it leveraged a form of SQL injection or a similar attack, in which the information is wormed out of the back-end database through a flaw in the web server. Another possible method could have been stealing SSH keys from a compromised admin account or GitHub, but those tend to be secondary for the most part. Either way, the database dump itself is 570 megabytes, and presuming the data was exfiltrated in a couple of big transactions, it would have been extremely obvious at the network level. That is, if Adult Friend Finder were using a solution that offered visibility into network traffic.

Ziften ZFlow™ provides network visibility into the cloud to catch aberrant data transfers and attribute them to specific executing processes. In this case, the administrator would have had two opportunities to discover the anomaly: 1) at the database level, as the data was extracted; 2) at the web server level, where an abnormal amount of traffic would be sent to a particular address. Organizations like Adult Friend Finder should acquire the essential endpoint and network visibility needed to protect their customers’ personal data and “hook up” with a company like Ziften.
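The two detection points described above can be sketched as a volume check over per-process flow records; this is an added example, not Ziften's code or part of the original post. The record layout, host names, addresses, hourly windows and thresholds are all assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from statistics import median

MB = 10**6
# Constructed sample records (not real data): (window, host, process, remote, bytes_out).
# Host names, addresses and the hourly window numbering are assumptions for illustration.
FLOWS = [
    (1, "db01", "mysqld", "10.0.0.5", 5 * MB),
    (1, "web01", "httpd", "198.51.100.7", 2 * MB),
    (1, "web01", "httpd", "198.51.100.8", 3 * MB),
    (2, "db01", "mysqld", "10.0.0.5", 6 * MB),
    (2, "web01", "httpd", "198.51.100.7", 1 * MB),
    (3, "db01", "mysqld", "10.0.0.5", 4 * MB),
    (3, "web01", "httpd", "198.51.100.9", 2 * MB),
    # Window 4: a 570 MB dump leaves in two large transfers, visible at both tiers.
    (4, "db01", "mysqld", "10.0.0.5", 285 * MB),
    (4, "db01", "mysqld", "10.0.0.5", 285 * MB),
    (4, "web01", "httpd", "203.0.113.50", 285 * MB),
    (4, "web01", "httpd", "203.0.113.50", 285 * MB),
    (4, "web01", "httpd", "198.51.100.7", 2 * MB),
]


def flag_bulk_transfers(flows, window, factor=20, floor=100 * MB):
    """Flag (host, process, remote, bytes) totals in `window` that exceed `floor`
    and `factor` times the median per-destination total of earlier windows."""
    totals = defaultdict(int)
    for win, host, proc, remote, sent in flows:
        totals[(win, host, proc, remote)] += sent

    history = defaultdict(list)  # (host, process) -> earlier per-destination totals
    for (win, host, proc, _), total in totals.items():
        if win < window:
            history[(host, proc)].append(total)

    alerts = []
    for (win, host, proc, remote), total in totals.items():
        if win != window:
            continue
        past = history.get((host, proc))
        baseline = median(past) if past else 0  # unseen process: only the floor applies
        if total >= floor and total > factor * baseline:
            alerts.append((host, proc, remote, total))
    return sorted(alerts)


if __name__ == "__main__":
    for host, proc, remote, total in flag_bulk_transfers(FLOWS, window=4):
        print(f"{host} {proc} -> {remote}: {total / MB:.0f} MB out")
```

Because each record carries the sending process, the alert names both the database process and the web server process rather than only a host pair.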
