Based in Sydney, he is Managing Editor for Security and Technology for Information Security Media Group. Prior to ISMG, he worked from London and Sydney covering computer security and privacy for International Data Group. In May, Leaked Source removed 117 million emails and passwords of LinkedIn users after receiving a cease-and-desist order from the company. Kirk is a veteran journalist who has reported from more than a dozen countries. CSOonline reported that someone had posted screenshots on Twitter showing a local file inclusion vulnerability in Adult Friend Finder.
The person who found that flaw has gone by the nicknames 1x0123 and Revolver on Twitter, which has suspended the accounts. CSOonline reported that the person posted a redacted image of a server and a database schema generated on Sept. In a statement supplied to ZDNet, Friend Finder Networks confirmed that it had received reports of potential security problems and undertook a review. Some of the claims were actually extortion attempts. But the company fixed a code injection flaw that could have enabled access to source code, Friend Finder Networks told the publication.

Leaked Source provided samples of data to journalists where those sites were mentioned. But the leaked data could encompass many more sites, as Friend Finder Networks runs as many as 40,000 websites, a Leaked Source representative says over instant messaging. One large sample of data provided by Leaked Source at first seemed to not contain current registered users of Adult Friend Finder. But the file "seems to contain much more data than one single site," the Leaked Source representative says.

Friend Finder Networks, stung last year when its Adult Friend Finder website was breached, could not be immediately reached for reaction (see Dating Website Breach Spills Secrets).

Troy Hunt, an Australian data breach expert who runs the Have I Been Pwned data breach notification site, says that at first glance some of the data appears legitimate, but it's still early to make a call. "I'd need to see a complete data set to make an emphatic call on it."

If the data is accurate, it would mark one of the largest data breaches of the year behind Yahoo, which in October blamed state-sponsored hackers for compromising at least 500 million accounts in late 2014 (see Massive Yahoo Data Breach Shatters Records).