Hack exposes 300-million users

16 November 2016 - 09:29 By KATHARINE CHILD
Image: Gallo Images/ IStock

The sexual secrets of more than 300 million people around the world have been uncovered by a hack into one of the biggest providers of more than 18 services, FriendFinder Network.com.

The hack, carried out anonymously with the data released to the company LeakedSource, was possible because of poor security on the site and weak and unencrypted user passwords.

Hackers gained access to users' e-mails and passwords and to their personal information.

Sites hacked include adultfriendfinder.com - a sex and swinger community, stripshow, icams.com and penthouse.com.

"The leak represents 20 years of customer data," said LeakedSource.com, adding that this made it "by far the largest breach we have ever seen".

Adam Oxford, editor of Hypertext Media, said LeakedSource had taken an ethical decision not to dump the data for criminals to mine or use for blackmail.

But it had allowed news organisations to verify some of the hacked data in order to confirm that the hack was genuine.

"LeakedSource has warned the users of the security breach without making data public, unlike in the case of Ashley Madison," he said.

The hacked sites are global and could have South African customers.

LeakedSource said many of the passwords hacked were in plain text, which Oxford said was the most shocking part.

And the passwords that were encrypted had such a low level of encryption it was easy to break.

Oxford warned that once hackers had people's passwords, they could often access their e-mail because people tended to use the same password.

"Hackers can quietly access e-mail for months. This is more dangerous than losing bank details.

"Banks are very likely to detect fraudulent activity but once a person has your e-mail password, it is dangerous and makes it easy to reset banking and other passwords more subtly."

Users also used simple passwords that hackers could easily guess.

The top three passwords were common: 1234567890, 123456789 and 12345678.

The seventh-most popular password was "password".

The longest passwords hacked included:

  • schrodingersfavouritecat;
  • youwillneverwalkalone;
  • southafricanmolerat; and
  • ifyourreadingthisitstoolate.

Hackers are not stupid, says Werksmans head of business investigations, Bernard Hotz, and will hit people where they are most vulnerable.

"Most people don't want to stand on a platform and say: 'I was watching pornography for six hours a night'."

He warned legitimate companies that it was not a case of if you are being hacked, but when.

"Businesses have to keep updating security and improving it."

Who'll pay for free data?

A "proper analysis" must be done before calls for #DataMustFall are made, the Free Market Foundation said yesterday.

"We all want cheap or free data but we need to be suspicious of undisclosed agendas, gullible experts and an unconvincing industry response," said the foundation's Leon Louw yesterday.

"We need to ask critical questions. Must data really fall, if so, by how much, and at whose cost?"

- TMG Digital
