Adult Friend Finder has been hacked again — This time, 412 million accounts have been stolen and exposed.
This can easily be termed the largest data breach of 2016. In the latest breach, all adult websites owned by Friend Finder Inc. were hacked, exposing over 412 million user accounts. The hacked websites include the well-known AdultFriendFinder and others from the same network, such as Penthouse (dot) com and Cams (dot) com.
The data breach was investigated by LeakedSource and this is what the company identified:
“Friend Finder Network Inc is a company that operates a wide range of 18+ services and was hacked in October of 2016 for over 400 million accounts representing 20 years of customer data which makes it by far the largest breach we have ever seen — MySpace gets 2nd place at 360 million. This event also marks the second time Friend Finder has been breached in two years, the first being around May of 2015.”
Reports reveal that every single account's password was cracked by the hackers, which points to very poor security measures at the company. It must be noted that the breach also involved deleted accounts.
Out of the 412 million, around 339 million accounts are associated with the AdultFriendFinder website, 62 million with Cams (dot) com, 7 million with Penthouse (dot) com, and more than 15 million are deleted accounts. The remainder came from other adult sites in the same network. It is surprising that deleted accounts were still part of the company's database.
LeakedSource also explained that the attackers carried out this massive breach by exploiting a local file inclusion flaw on the AdultFriendFinder(dot)com website.
A security researcher going by the online handle Revolver was the first to notify the company about the hack. The researcher explained that, using this flaw, an attacker can remotely run malicious code on any targeted web server. However, the actual perpetrators have not yet been identified. Revolver has already denied his involvement but claims that Russian hackers could be behind this attack.
The hacked data includes usernames, email addresses, passwords, site membership data, sexual preferences, the IP address from which the user logged into the adult site and the date of the last visit. The passwords were stored either in plaintext or hashed with SHA-1. This is why it was quite an easy task for hackers to steal the passwords.
LeakedSource succeeded in cracking 99% of the stolen passwords in the databases. Those accounts also include 5,650 .gov registered emails on all websites combined and 78,301 .mil emails.
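The storage weakness described above, next to a hardened form, as an added example that is not from the article or from LeakedSource. It assumes PBKDF2-HMAC-SHA256 as the replacement scheme; the function names, the record format and the iteration count are hypothetical choices, and the sample accounts are constructed.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumption: PBKDF2 work factor, tune to your hardware

def legacy_sha1(password):
    """Weak scheme from the article: one fast, unsalted SHA-1 per password."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def hash_password(password, salt=None):
    """Hardened record: per-user random salt plus a deliberately slow KDF."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "pbkdf2_sha256${}${}${}".format(ITERATIONS, salt.hex(), dk.hex())

def verify(password, record):
    """Return (ok, upgraded_record); legacy records are re-hashed on a good login."""
    if record.startswith("pbkdf2_sha256$"):
        _, iters, salt_hex, dk_hex = record.split("$")
        dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(dk.hex(), dk_hex), None
    # Anything else is treated as a legacy 40-character SHA-1 hex digest.
    ok = hmac.compare_digest(legacy_sha1(password), record)
    return ok, (hash_password(password) if ok else None)

def duplicate_hashes(records):
    """Audit helper: list groups of users whose stored values are identical.
    Unsalted hashing gives identical digests for identical passwords."""
    groups = {}
    for user, rec in records.items():
        groups.setdefault(rec, []).append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)

if __name__ == "__main__":
    # Constructed sample accounts; not taken from the breach data.
    legacy = {u: legacy_sha1(p) for u, p in
              [("alice", "123456"), ("bob", "123456"), ("carol", "correct horse")]}
    print("users sharing a digest (legacy):", duplicate_hashes(legacy))
    ok, upgraded = verify("123456", legacy["alice"])
    print("login ok:", ok, "-> upgraded record:", upgraded[:36] + "...")
    hardened = {u: hash_password("123456") for u in ("alice", "bob")}
    print("users sharing a digest (hardened):", duplicate_hashes(hardened))
```

Records that were stored in plaintext have no login step to wait for and can be passed through `hash_password` in bulk.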
The total number of affected users is 412,214,295. Here is a brief description of the affected sites, the number of accounts and other details:
- AdultFriendFinder: 339,774,493 users, “World’s largest sex & swinger community”
- Cams (dot) com: 62,668,630 users, “Where adults meet models for sex chat live through webcams”
- Penthouse (dot) com: 7,176,877 users, adult magazine akin to Playboy
- 1,423,192 users, another 18+ webcam site
- 1,135,731 users, “Free Live Sex Cams”
- Unknown domain: 35,372 users
Here is a list of the most used passwords and email domains found in the stolen data: