Adult Friend Finder parent company hacked, 412 million accounts from multiple sites exposed

Shawn Knight

TechSpot Staff
Staff member

Adult Friend Finder would no doubt love the opportunity to roll back the calendar to at least early 2015.

After suffering a security breach in mid-2015 in which sensitive data belonging to nearly four million people was compromised, we’ve now learned of a second breach targeting not only the Adult Friend Finder website but several of the entertainment company’s other sites and services.

Breach notification site LeakedSource said it has verified that 339,774,493 AdultFriendFinder.com accounts were compromised last month. Data belonging to 62,668,630 Cam.com users, 7,176,877 Penthouses.com users, 1,423,192 Stripshow.com users and 1,135,731 iCams.com users was also exposed, as were 35,372 users from unknown domains.

In total, 412,214,295 accounts with data representing 20 years of customer activity were affected by the mega breach, making it the largest hack of 2016 and the largest that LeakedSource personally has ever seen. A local file inclusion exploit reportedly gave the hacker(s) a way into the network.

LeakedSource further notes that a significant amount of users on file had an e-mail address in the format of: email@address.com@deleted1.com. This almost certainly indicates that Adult Friend Finder held onto users’ accounts even after members deleted their accounts. There were more than 15 million of these “deleted” accounts associated with AdultFriendFinder.com, the publication claims.

Passwords for FriendFinder Network Inc. sites were stored either in plain visible format or SHA1 hashed (peppered) with the hashed passwords seemingly converted to all lowercase before storage. As a result, LeakedSource says 99.0 percent of all available passwords have been cracked and are visible in plaintext.

One would think that after having been hacked the year before, FriendFinder Network Inc. would have taken the necessary steps to bolster security but I digress.

Permalink to story.

 

Skidmarksdeluxe

TS Evangelist
The standard response from them will be " We take the security of our customers data very, very, very, very seriously and the breach is being extensively investigated". Yeah, right.
I love it when sites like these are compromised and the cheaters data is laid bare (pun intended) for the world to amuse themselves over.
 

Skidmarksdeluxe

TS Evangelist
I think you're way underestimating the number of people outside relationships who use porn.
It's a porn site? Jeez, then I apologise, I thought it was a 'dating' site. I really must stop just skimming through some articles before commenting.
 
D

davislane1

It's a porn site? Jeez, then I apologise, I thought it was a 'dating' site. I really must stop just skimming through some articles before commenting.
AFF is a hookup website. Singles, swingers, etc. get on there to bang. It's like Tinder but, as others have said, you can post your amateur porn there too. "Cheaters" was the Ashley Madison website.