Online leak of nearly 400 million accounts of Adult FriendFinder reveals personal details

NewYork,Nov15:NEARLY 400 million accounts on sex and swinger site Adult Friend Finder have allegedly been exposed in what is believed to be the biggest security breach of its kind. Friend Finder Networks- an online adult dating and entertainment company was hacked, exposing the details of more than 412 million accounts, reveals Leaked Source.

Friend Finder is the parent company of sites like adult dating and entertainment sites like AdultFriendFinder, Cams.com, Stripshow and Penthouse.The scale of the hack, which was first reported last month, has only now been revealed by stunned data experts who said it is “the largest breach we have ever seen,” The Sun reports.

It is the second major leak of private user information in less than two years — and it even contains details of deleted accounts over the seedy service’s 20-year history, Leaked Source has claimed.

The company was hacked through a local file inclusion vulnerability, as reported by a security researcher who goes by Revolver on Twitter. The researcher posted screenshots showing local file inclusion vulnerabilities. This flaw enables the hackers to access all of the network’s sites and remotely include files on server, many a time resulting in the display of the content on the screen.

This is the second time Friend Finder Networks has been hacked in two years. In May 2015, more than 3 million Adultfriendfinder accounts were hacked. While a report of ZDNet states that the latest breach does not reveal sensitive details and include information like email address, username, passwords and time of the last login, the 2015 hacking had spilled the sexual secrets of the users.

Twitter user 1x0123 posted a tweet claiming to show Adult Friend Finder’s internal data. Picture: Twitter/@1×0123 via The Sun

In May last year, 3.5 million Adult Friend Finder accounts were exposed in another hack.

Peter Martin, Managing Director at IT security firm RelianceACSN said: “This breach on Adult Friend Finder is the second in as many years which raises serious alarm bells.

“It’s clear the company has majorly flawed security postures and given the sensitivity of the data the company holds this cannot be tolerated. There is a worrying trend where organizations believe that a cyber breach is inevitable — and this isn’t right.”

LeakedSource has listed the passwords list in this link.

The hack is not entirely the most disturbing fact. Most of the data stolen from the FriendFinder Networks was stored in plain text, which means email addresses, passwords, and other details were out in the open for the world to see it without deciphering anything. Also, customers who’d cut ties with the site were not left alone. The company stored details of 15 million deleted user accounts on its servers.

Despite the sensitive nature of the activity going on these dating sites, users used simple passwords that even an 11-year-old could guess. Most users, nearly one million, chose the password 123456, while another million added 7,8,9 and 0 to feel extra protected. Guess what, it wasn’t so difficult to crack after all.

Other popular password choices by the users of FriendFinder Networks included password, qwerty, and iloveyou.

A lot of Indian user account details were also stolen from the Friendfinder network accounts.

This isn’t the first time the adult website was hacked. In 2015, 3.5 million users’ accounts were hacked, which is an insipid comparison to the latest attack. And that isn’t the only part of worries for the company. In 2013, FriendFinder Networks filed for bankruptcy and delisted from NASDAQ. The challenges has continued to storm the site as there are several other sites offering similar services for free.

Top