Plaintext passwords galore in huge AdultFriendFinder hack


#1

Originally published at: http://boingboing.net/2016/11/13/plaintext-passwords-galore-in.html


#2

Isn’t this one of those sites with 10 million lonely men and 10 million really sexy bots?


#3

#4

200 they’re really sexy bots.


#5

This will be the future of these sites; male bots set up by men to trawl through the system and only notify them when they find something they like, female bots set up by the site operators. The only real people in the whole thing will be the CS graduates tweaking the algorithms.
Eventually it will be realised that passwords aren’t even necessary as none of the details in the database will be correct except for the throwaway email addresses of the users.


#6

Nearly a million accounts have the password “123456”. More than 100,000 have the password “password”.

Thanks Obama!


#7

How many have the password runner4567 ?


#8

I bet none of them thought of "Passw0rd!"
I’m still secure!


#9


#10

Can we please jail people who store plain text passwords as accessories?


#11

Ha! If I had signed to AFF, I would have used a unique random password for just that site, but I totally didn’t.


#12

I didn’t know this site still existed, it’s part of that lavalife generation of online dating services.


#13

What about those who wear plain text passwords as accessories?


#14

I’m assuming the million accounts with 123456 passwords were the bots. If you’re managing a million bot accounts, you probably give them all the same easy-to-type password.


#15

One of my best friends, that “unicorn” that men seem so desperate to find at AFF --> ex-dancer/dominatrix/adult magazine model, finds the idea of AFF still as a place to find women laughable.
She met her boyfriend of several years on a public video chat website, and never once did he try to show her his junk.


#16

you can always change it to pa$$w0rd to be extra safe…


#17

Oh, no…not Adult Friend Finder!


#18

“easy to type” is not an important requirement for a bot as all the logins have to be anyway stored somewhere without the need of human interaction. I’d guess that many 123456-style pwds belong to non-bot accounts.


#19

This topic was automatically closed after 5 days. New replies are no longer allowed.