Passwords to adult dating sites
Hey guys, Just so you know, Cloudflare just released details on a bug which may have released your usernames and passwords onto the internet. https://bugs.chromium.org/p/project-zero/issues/detail?
We want to avoid that everybody can check if an email is already registered on a Drupal site.
The longest password was "pussy.password Limit Exceeded:07/1." Other popular non-numeric passwords included words related to sex and country names.
Among the e-mail domains used for account registration there were 5,650 governmental addresses from American government domain “.gov,” and 78,301 thousand addresses from the defense domain “.mil”.
How about if it says "Further instructions have been sent to [email protected]" in both cases (the email does exist and the email does not exist). I had the same problem with a module i was working on to resend a user's name via e-email via a similiar way pass reset works.This data isn't easy for a nontechnical person to find, but for someone with knowledge of how to craft specific queries for affected websites' leaked data on search engines, it was well within their reach. 17 by Google Project Zero employee Tavis Ormandy, who, in a blog post, said he found "private messages from major dating sites, full messages from a well-known chat service, online password manager data, frames from adult video sites, hotel bookings" in the data cached by search engines.Ormandy uploaded screenshots of Fitbit and Uber sessions with sensitive information redacted. While the number of leaks is relatively small (about .00003% of HTTP requests, or 1 in every 3,300,000 requests, according to Cloudflare), the extent of the bug, which is being called "Cloudbleed," is far-reaching.The database did not include detailed information like analogue Ashley Madison did, but it still could be used to confirm whether a person had signed up for the service.Adult Friend Finder presents itself as the world’s largest internet community for swinging and sex.