Another possible mechanism could have been hijacking ssh keys from a compromised admin account or github, but those tend to be secondary in most cases.Either way, the database dump itself is 570 megabytes, and assuming the data was exfiltrated in a few large transactions, it would have been very noticeable on a network level.That is, if Adult Friend Finder were using a solution that provided visibility into network traffic.Ziften ZFlow™ enables network visibility into the cloud to catch aberrant data transfers and attribute to specific executing processes.The source IP addresses collected can even provide pinpoint street locations for attacks.The attack methodology deployed in this instance was not released, but it would be fair to assume that it leveraged a kind of SQL Injection attack or similar, where the information is wormed out of the back-end database through a flaw in the webserver.In this case, the administrator would have had two opportunities to notice the abnormality: 1) At the database level, as the data was extracted.2) At the webserver level, where an abnormal amount of traffic would be sent to a specific address.
The company primarily deals in adult entertainment, online dating, and social networking services.
However, much the same way metadata collection provides insight to the NSA, this type of information provides attackers with plenty of leverage that can be used against the public.
Spear phishing becomes a lot easier when attackers not only have an email address, but also location, language, and race.
The above tragically fascinating information comes from a well publicized hack of Adult Friendfinder, accomplished last week by “ROR[RG]”, a hacker living in the beautiful and magical city of Bangkok, Thailand.
This was absolutely not the first hack of Adult Friend Finder.