Short Bytes: One of the biggest data breaches on the Friend Finder Network has compromised the details of 412 million users across various domains maintained by the company which provides 18+ services. LeakedSource which informed about the breach has mentioned that most of the passwords were in plain text.
Finder Finder Networks provides 18+ services via a bunch of websites which include Adultfriendfinder.com–World’s largest sex & swinger community. It is also the internet home to the famous PentHouse Magazine which was acquired by PentHouse Global Media. It’s surprising that Friend Finder still has Penthouse’s data.
Out of the total 412,214,295 accounts, LeakedSource has detailed the names and number of individual domains which have been affected:
- Adultfriendfinder.com – 339,774,493 accounts.
- Cams.com – 62,668,630 accounts.
- Penthouse.com – 7,176,877 accounts.
- Stripshow.com – 1,1135,731 accounts.
- Unknown domains – 35,372 accounts.
To hack all these accounts, the hackers took advantage of the Local File Execution exploit. This is the second biggest data breach occurred on Adultfriendfinder, the first one being in May 2015. However, the former attack was rather a small one with the compromise of 3.5 million account details. The newer one has also outperformed the MySpace data breach which compromised the 360 million accounts. Moreover, this data is what the Friend Finder has gathered during 20 years of its existence.
LeakedSource notes that most of the user passwords were either stored in plaintext or hashed using the SHA1 which is not a reliable cryptography method. The leaked database also includes the details of 15,766,727 deleted accounts which were not removed from the database. After verifying a portion of the database, ZDNet has reported that the leaked data didn’t contain information like sexual preferences of the users. Friend Finder didn’t confirm the breach right away but said that they received potential security vulnerability reports from trusted sources.
If you have something to add, tell us in the comments below.
Also Read: Endace: This Unknown Company Powers Massive Surveillance Around The World