Almost every account password was cracked, thanks to the company’s poor security practices. Even “deleted” accounts were found in the breach.
A massive data breach targeting adult dating and entertainment company Friend Finder Network has exposed more than 412 million accounts.
The hack includes 339 million accounts from AdultFriendFinder, which the company describes as the “world’s largest sex and swinger community.”
On top of that, 62 million accounts from Cams, and 7 million from Penthouse were stolen, as well as a few million from other smaller properties owned by the company.
The data accounts for two decades’ worth of data from the company’s largest sites, according to breach notification site LeakedSource, which obtained the data.
The attack happened at around the same time as one security researcher, known as Revolver, disclosed a local file inclusion flaw on the AdultFriendFinder site, which if successfully exploited could allow an attacker to remotely run malicious code on the web server.
But it’s not known who carried out this most recent hack. When asked, Revolver denied he was behind the data breach, and instead blamed users of an underground Russian hacking site.
The attack on Friend Finder Networks is the second in as many years. The company, based in California and with offices in Florida, was hacked last year, exposing almost 4 million accounts, which contained sensitive information, including sexual preferences and whether a user was looking for an extramarital affair.
ZDNet obtained a portion of the databases to examine. After a thorough analysis, however, the data does not appear to contain sexual preference data, unlike the 2015 breach.
The three largest sites’ SQL databases included usernames, email addresses, the date of the last visit, and passwords, which were either stored in plaintext or scrambled with the SHA-1 hash function, which by modern standards isn’t cryptographically as secure as newer algorithms.