Another possible mechanism could have been hijacking ssh keys from a compromised admin account or github, but those tend to be secondary in most cases.
Either way, the database dump itself is 570 megabytes, and assuming the data was exfiltrated in a few large transactions, it would have been very noticeable on a network level.
Adult Friend Finder, an online “dating service” and its affiliates were hacked in April.
The leaked information included credit card numbers, usernames, passwords, birth dates, physical addresses and personal — you know — preferences.
“Over the past several weeks, Friend Finder has received a number of reports regarding potential security vulnerabilities from a variety of sources,” Friend Finder Networks Vice President and Senior Counsel Diana Ballou told ZDNet.
Hook-up and dating site Adult Friend Finder has a serious database vulnerability that could reveal usernames, passwords and other information, it has been claimed.
The source IP addresses collected can even provide pinpoint street locations for attacks.
The attack methodology deployed in this instance was not released, but it would be fair to assume that it leveraged a kind of SQL Injection attack or similar, where the information is wormed out of the back-end database through a flaw in the webserver.
What's often not highlighted in these cases is the monetary value of such a breach.
Many would argue that having an email address and the associated data might be of little value.