Friend Finder Networks, formerly known as Penthouse Media Group, has seen this week a data breach with over 400 million users' details compromised. Friend Finder Networks has several adult dating and pornography websites under its name.
Just last year, Friend Finder Networks also suffered its first data blow with over four million accounts stolen. Login and personal details were hacked including members' sexual preferences and extramarital histories.
This week's breach is an enormous challenge for the site with members' passwords also stolen. It was found out that Friend Finder Networks stores passwords in either plain text or SHA1 hashed. Although a fairly good practice, with only a thin layer of security, passwords are easier to hack and decode.
For months, Friend Finder Networks has been receiving security warnings from its server. Although the development team has been keen with facing the issues, hackers eventually succeeded in penetrating the site's almost entire system.
Although Friend Finder has not released an official statement just yet in response to the recent data breach, the company stays firm that it has always been serious with maintaining the security of its members.
Analysts say it is wrong to blame the whole fiasco on Friend Finder. As Jon Clay, Trend Micro's Director of Global Threat Communications says, "History has proven that hackers are able to penetrate many organizations regardless of their security controls."
This response reflects recent data breaches done on UK's Three Mobile with over 10 million users' details compromised, U.S. government networks where over 5.6 million fingerprints were stolen, and even Facebook CEO Mark Zuckerberg's Twitter and Pinterest accounts where his passwords were stolen.
"It is hard to tell if a company that has been breached is lax in their security," Jon Clay adds.
However, Stu Sjouwerman, CEO of security education company KnowBe4, believes otherwise. He says there are no excuses on the part of the company when breaches are being made, especially when it happens the second time around. "This hack is very similar to the data breach they (Friend Finder Networks) had last year. Their procedures and policies are severely lacking. Even users who believed they deleted their accounts have had them stolen again," Sjouwerman says.
Currently, there are reports that almost 16 million stolen accounts from Friend Finder are now being sold online. Amidst the news, users are desperate, and the company is not left in a position to totally delete their members' details as requested.
Tony Anscombe from Avast says that it is highly difficult for any company to totally delete anybody's account. All the company can do is to "hide" a user's details. But he finds this system broken and adds, "There has to be a better method across the whole industry of allowing somebody to remove their data from a database."
