Data of 412 Million Thrill-Seekers Exposed in FriendFinder Networks Hack

hacker

A data breach involving the accounts of more than 412 million users of adult dating company FriendFinder Networks has exposed more than two decades’ worth of their activities on the company’s various adult-themed websites.

This includes accounts on AdultFriendFinder, described as the “world’s largest sex and swinger community,” Cams.com, Penthouse, Stripshow and/or iCams.com – all part of FriendFinder Networks, and also involves more than 15 million supposedly closed accounts that were not purged from the databases.

This may be the largest breach of 2016, which has proved to be a year of public breaches, including revelations of breaches involving Yahoo, LinkedIn, NSA, Amazon, Vera Bradely, Dropbox, hospitals, and many more.

A data breach involving MySpace also affected the accounts of more than 360 million users- the second largest publicly revealed data breach of 2016.

This is not the first time FriendFinder Networks has been hacked, said Leaked Source, which obtained the data. In 2015, the company was hacked, exposing the data of more than four million people.

A security researcher who goes by the moniker of Revolver, earlier revealed a local file inclusion flaw on the AdultFriendFinder website, which could be leveraged by hackers to remotely run malicious code on the server.

According to Leaked Source, Passwords were stored by FriendFinder Networks either in plain visible format or SHA1 hashed, neither of which is considered secure. Also, the hashed passwords seem to have been changed to all lowercase before storage, which made them far easier to attack, but also means the credentials will be slightly less useful for malicious hackers to abuse in the real world.

There are as many as 5,650 .gov registered emails on all websites combined and 78,301 .mil emails, reported Leaked Source.

In July 2015, a similar adult website, Ashley Madison suffered a data breach that revealed the information of over 32 million users.