Advertisements
Trending Events

Massive hack on sex hook-up website AdultFriendFinder exposes details of 412 million people

Popular Stories

Information collected over 20 years has been leaked  

Five affiliated ‘hookup’ sites breached

Users of the sites advised to be extra careful and watch out for phishing attacks

A massive data breach targeting adult dating and entertainment company Friend Finder Network has exposed more than 412 million accounts.
The hack includes 339 million accounts from AdultFriendFinder.com, which the company describes as the “world’s largest sex and swinger community.”
62 million accounts from Cams.com, and 7 million from Penthouse.com were stolen, as well as a few million from other smaller properties owned by the company, including over 15 million “deleted” accounts that wasn’t purged from the databases.
The data accounts for two decades’ worth of data from the company’s largest sites, according to breach notification LeakedSource, which obtained the data.

Adult FriendFinder.jpgUser’s personal information, collected over 20 years at AdultFriendFinder has been breached  

The personal details of millions of people who signed up to the adult-themed dating network in the past 20 years have been exposed in one of the largest ever data breaches.
The email addresses and passwords of 412 million people have been leaked after the meetup website Adult Friend Finder was hacked, email address were stolen in the breach, which also included the date of last visit, browser information, some purchasing patterns.
Adult Friend Finder describes itself as “one of the world’s largest sex hookup” websites, with more than 40 million active users. The hack, against its parent company Friend Finder Networks, also involved data from Cams.com, a live video sex site, and Penthouse.com, an internet porn site that was sold in February.
The attack happened just as as a security researcher, known as Revolver, disclosed a local file inclusion flaw on the AdultFriendFinder site, which can be exploited to enable the remote deployment of malicious code on the web server. The identity of the perpetrators of the recent hack against Friend Finder Networks, a California-based company is not known. Revolver denied he was behind the data breach, and instead blamed users of an underground Russian hacking site.
The attack on Friend Finder Networks is the second in as many years. The company, based in California and with offices in Florida, was hacked last year, exposing almost 4 million accounts, which contained sensitive information, including sexual preferences and whether a user was looking for an extramarital affair.

The attack, discovered by hack monitoring site Leaked Source, occurred in October and is one of the biggest on record, following closely behind Yahoo, which recently reported the loss of half a billion users’ details. It eclipses last year’s Ashley Madison hack, in which the personal information and sexual preferences of 37 million people were exposed.

Weak and outdated website security allowed cyber criminals to access the Adult Friend Finder information, Leaked Source said. The passwords and usernames were stored in a way that is easily decoded, meaning 99 per cent of those stolen were legible to the hackers.
“Passwords were stored by Friend Finder Networks either in plan visible format or SHA1 hashed. Neither method is considered secure by any stretch of the imagination,” said Leaked Source.

Adult friend Finder3.png

Friend Finder Networks, which lost the login details, date of birth and sexual preferences of almost 4 million users in 2015, would not confirm the breach, but said it had found vulnerabilities in its site, according to ZD Net.
“Over the past several weeks, Friend Finder has received a number of reports regarding potential security vulnerabilities,” said Diana Ballou, the company’s vice president. “Immediately upon learning this information, we took several steps to review the situation and bring in the right external partners to support our investigation.
“While a number of these claims proved to be false extortion attempts, we did identify and fix a vulnerability.”
Experts warned that companies need to do more to make sure their customers’ personal details are kept safe.
“Companies still tend to underestimate the risks related to web applications, and consequently put their customers at huge risk,” said Ilia Kolochenko, chief executive of High-Tech Bridge. “With this breach of 400 million accounts we should expect a domino effect of smaller data breaches with password reuse and spear-phishing.”

Leaked Source has decided not to release the full database of people affected by the breach due to the sensitive nature of the information. But anyone who has signed up to one of the affected sites in the past 20 years, could be at risk, given that 15 million users who had deleted their accounts were affected. Anyone who has used the following sites could have been affected:
AdultFriendFinder.com – 3.4 million users affected
Cams.com – 62.7 million users
Penthouse.com – 7.12 million users
Stripshow.com – 1.4 million users
iCams.com – 1.14 million users

The company is advising users who think their personal information may have been stolen in the breach to change their passwords immediately.

They list affected data types as email addresses and usernames, which could be used in future spam and phishing attacks. They are advising their users to be on extra-alert to suspicious emails if they have signed up with one of the Friend Finder Network sites.

The advisory notes that fake emails often contain tell-tale signs such as spelling mistakes and grammatical errors.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: