Over 300 million accounts on Adult FriendFinder were compromised (Adult FriendFinder)
Private information from hundreds of millions of AdultFriendFinder.com users were compromised.
The entertainment company Friends Finder Network confirmed a security vulnerability in the site, which describes itself as “world’s largest sex and swinger community”. Leakedsources.com reported on the hack Nov. 13. It revealed that 20 years of data covering 412 million accounts had been stolen in October.
Leakedsources.com was able to crack 99 percent of passwords across Friends Finder’s affected sites including those from accounts that had been deactivated. Here’s everything you need to know about the hack.
1. AdultFriendFinder’s Hack is Ten Times as Big as the Ashley Madison Hack Last Year
More than 300 million accounts on AdultFriendFinder were hacked compared to 32 million compromised accounts in the 2015 Ashley Madison hack. While the Ashley Madison hack revealed more sensitive data like a user’s sexual preferences and fantasies, the attack against AdultFriendFinder is staggering in its size. The number of affected accounts rivals that of the Yahoo email hack involving 500 million email addresses.
While Ashley Madison offered a platform solely for extramarital affairs, AdultFriendFinder brands itself as a social network for romantic adults. Leakedsource.com won’t make the database of leaked information searchable, but did reveal some wider trends surrounding the breach. For example, in a search for most commonly used emails, the password 123456 ranked first. The data also provides insight into the site’s usage patterns. The number of newly registered users have declined in since 2012, while the number of inactive members reached its peak in 2014.
2. Twitter User 1×0123 aka Revolver Revealed the Vulnerability Shortly Before the Attack
— 1×0123 (@real_1x0123) November 14, 2016
According to csoonline.com, a researcher posted screenshots of the security vulnerabilities prior to the hack. Twitter user 1×0123 posted images of a Local File Inclusion vulnerability found on Adult Friend Finder’s servers. This kind of vulnerability can be used to insert files on the server to print data to the screen, or execute malicious code.
1×0123 posted the image on Twitter on November 7 and had his account suspended a couple days later. The hacker has reported security holes on other adult entertainment sites like Pornhub, which called his claims a hoax, and most recently, RedTube. After he revealed the vulnerability, Friend Finders Network told CSO that they were investigating the reports. 1×0123 has denied involvement in the AdultFriendFinder attack.
3. More than 15 Million Deleted Accounts Were Found in the Breach
— Clive Campling (@CliveJBN) November 14, 2016
It turns out that deleted accounts weren’t deleted after all. Databases still held on to account information for over 15 million deleted accounts. LeakedSources.com reports that these emails were found in the format: firstname.lastname@example.org@deleted1.com. In addition to AdultFriendFinder, the hack affected Friend Finder Network’s Cams.com and Penthouse.com. Here’s the breakdown of what sites were affected:
AdultFriendFinder.com: 339 Million
Cams.com: 62 million
Penthouse.com: 7 million
Users can check if their email address had been affected on the data breach notification site: have i been pwned
4. AdultFriendFinder Was Hacked Last Year, Exposing 3.5 Million User Accounts
Among the sensitive information leaked in the Adult Friend Finder’s 2015 hack were sexual preferences and interest in extramarital affairs. The site was hacked in May of 2015, resulting in leaked data from 3.5 million user accounts. The person behind the hack was an admin on the hacker forum HELL. The admin said the hack was in retaliation for a friend who was owed money. While this year’s breach didn’t include information on sexual preferences as in 2015 , it revealed users’ usernames, email addresses, date of last visit and passwords according to ZDNet.
5. Friend Finders Network Has Confirmed There Were Vulnerabilities
According to ZDNet, Friend Finders Network said there were vulnerabilities, but did not confirm the breach. In an email to the tech site, the company’s vice president Diana Ballou referenced the injection vulnerability behind the attack.
Over the past several weeks, FriendFinder has received a number of reports regarding potential security vulnerabilities from a variety of sources. Immediately upon learning this information, we took several steps to review the situation and bring in the right external partners to support our investigation
FFN Websites use reasonable security measures to help protect and prevent the loss, misuse, and alteration of the information under our control. We use industry standard efforts, such as firewalls, to safeguard your Personal Information. While “perfect security” does not exist on the Internet, or elsewhere, our technical staff works hard to help ensure your secure use of our services.