It seems that hackers have been hard at work yet again. The Friend Finder Network, which includes sites like AdultFriendFinder, Penthouse, Cams.com, Stripshow, and others, has been hacked. This has led to the exposure of more than 412 million accounts.
The Friend Finder Network is a company that operates various adults-only services. According to Leaked Source, the company was hacked in October for the second time in two years. The breach exposed a varying number of accounts on each of the company’s sites.
Almost 340 million accounts were breached on Adultfriendfinder.com alone, which claims to be the world’s largest sex & swinger community. Over 62 million accounts were hacked on Cams.com, slightly more than 7 million on Penthouse, 1.4 million on Stripshow.com, 1.1 million on iCams.com, and around 35,000 on an unknown domain.
The gigantic number of hacked accounts makes this the largest data breach in 2017 as well as in the history of the internet. The MySpace hack is a close second with 360 million. The Ashley Madison hack, which hit a similar but more controversial site in the sex and dating industry, exposed 42 million accounts. After much internal deliberation, Leaked Source has decided not to make the leaked data sets available to the general public as of yet.
The Leaked Source report tells us that the hack was perpetrated using a Local File Inclusion exploit. The breach apparently happened in the same month that researchers warned the Friend Finder Network about this type of vulnerability. Additionally, the company made a number of other security mistakes that led to this situation.
The company either hashed passwords using the weak SHA1 algorithm or stored them in plaintext without any type of protection. Additionally, the Friend Finder Network kept log-in information for the Penthouse site even though that site had been sold to another company. To make matters worse, it even kept the passwords of over 15 million users who had deleted their accounts.
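As a defensive contrast to the storage mistakes described above, the following added example (not code from Friend Finder Network or Leaked Source) shows how a site holding legacy SHA1 or plaintext password records could move them to a salted, slow hash at login and drop credentials on account deletion. The record format, the function names, and the PBKDF2 work factor are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor


def hash_password(password, iterations=ITERATIONS):
    """Return a salted record: pbkdf2$<iterations>$<salt hex>$<key hex>."""
    salt = os.urandom(16)  # unique per user, so equal passwords hash differently
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2${iterations}${salt.hex()}${key.hex()}"


def _is_legacy_sha1(stored):
    # Assumption: a bare 40-character hex string is an unsalted SHA1 digest.
    return len(stored) == 40 and all(c in "0123456789abcdef" for c in stored.lower())


def verify_and_upgrade(password, stored):
    """Check a login. Returns (ok, replacement).

    replacement is a new PBKDF2 record when a legacy SHA1 or plaintext
    record verified; the caller must overwrite the old record with it.
    """
    if stored.startswith("pbkdf2$"):
        _, iters, salt, key = stored.split("$")
        cand = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                   bytes.fromhex(salt), int(iters))
        return hmac.compare_digest(cand.hex(), key), None
    if _is_legacy_sha1(stored):
        digest = hashlib.sha1(password.encode()).hexdigest()
        ok = hmac.compare_digest(digest, stored.lower())
    else:  # anything else is treated as a plaintext record
        ok = hmac.compare_digest(password.encode(), stored.encode())
    return ok, (hash_password(password) if ok else None)


def delete_account(users, name):
    """Account deletion removes the credential record as well."""
    users.pop(name, None)


if __name__ == "__main__":
    # Constructed sample store: one SHA1 record, one plaintext record.
    users = {"alice": hashlib.sha1(b"hunter2").hexdigest(), "bob": "letmein"}
    for name, pw in (("alice", "hunter2"), ("bob", "letmein")):
        ok, new = verify_and_upgrade(pw, users[name])
        if new:
            users[name] = new
        print(name, ok, users[name][:20])
```

Records that are never upgraded because the user does not log in again remain weak, so a migration like this is normally paired with a forced reset for accounts still in a legacy format.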
If you had an account on any of the affected sites, you should change your password immediately. This is even more urgent if you used the same password for all your important accounts.
What do you think about this new data breach? Were you ever affected by one?