More Than 300 Million Accounts Exposed By AdultFriendFinder Data Breach
A total of 412 million user account details could be affected across a number of different sites owned by Friend Finder, including AdultFriendFinder, Cams.com, Penthouse.com, Stripshow.com and iCams.com among others, according to the breach notification website LeakedSource.com. Reportedly, a local file inclusion exploit gave the hacker(s) a way into the network.
AdultFriendFinder, the sex and dating site, had stored their user passwords in plain visible format or with Secure Hash algorithm 1 (SHA-1), which is not considered secure and can be cracked with relative ease, according to LeakedSource. LeakedSource.com notes that the hashed passwords had been changed to lower case, which has the odd effect in this case of making the passwords easier to brute force, but less useful to hackers looking to gain access to other services through reused credentials.
According to ZDNet, which obtained a portion of the database and confirmed its validity, the leaked information “does not appear to contain sexual preference data, unlike the 2015 breach.” However, the site was able to see account usernames, e-mails, passwords, the last login, IP addresses, browser information and other information.
Breach notification site LeakedSource said it has verified that 339,774,493 AdultFriendFinder.com accounts were compromised last month. Further, data belonging to 62,668,630 Cam.com users, 7,176,877 Penthouses.com users, 1,423,192 Stripshow.com users and 1,135,731 iCams.com users was also exposed, as were 35,372 users from unknown domains. In total, 412,214,295 accounts with data representing 20 years of customer activity were affected by the mega breach, making it the biggest hack of 2016.
A significant amount of users on file had an e-mail address in the format of: firstname.lastname@example.org@deleted1.com, notes LeakedSource. This almost certainly indicates that Adult Friend Finder held onto users’ accounts even after members deleted their accounts. Further, more than 15 million of these “deleted” accounts were related to AdultFriendFinder.com, the publication claims.
The most used password on AdultFriendFinder was 123456, followed by six variations of the numbers 1 – 9, but all beginning with 12345. The seventh most used password, and the first to be an actual word was…password. The passwords chosen by the masses go on to show how bad they are at selecting passwords to secure their accounts.
This is not the first time that the site has suffered the first security breach. In mid-2015, sensitive data belonging to more than 3.5 million people was compromised and dumped in the black market.