Over 300 Million AdultFriendFinder accounts have reportedly been exposed in a massive data breach that hit adult dating and entertainment company Friend Finder Network.
Friend Finder Network is the world’s largest sex and swinger community and owns a number of properties. The hack reportedly exposed information from more than 412 Million accounts across its corporate holdings, which include AdultFriendFinder, Cams, Penthouse, and Stripshow.
Breach notification site LeakedSource broke the story, reporting that nearly 339 Million accounts from sex hookup site AdultFriendFinder, over 60 Million accounts from Cams.com, 7 Million from Penthouse and a handful of accounts from Stripshow and iCams were compromised, for a total of 412,214,295 affected users.
Poor Or No Encryption for Passwords
According to the breach notification service, the database of over 412 Million users, containing email addresses, easily crackable (or in some cases, unprotected) passwords, usernames, IP addresses and browser information, has been made available to online criminal marketplaces.
LeakedSource further reveals that Friend Finder Network did not properly protect its users’ data. The company stored user passwords in plaintext, or hashed them with the very poor Secure Hash Algorithm 1 (SHA1) hash function, which is not regarded as secure.
Talking about passwords, here are some common passwords that were used by Friend Finder Network users to log in to the websites: 123456, 123456789, password, qwerty, pussy, fuckme, fuckyou and iloveyou.
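The storage weakness described above can be audited and phased out at login time. The following is an added example, not code from Friend Finder Network or LeakedSource: it labels each stored value as plaintext, bare SHA1 or salted PBKDF2, and re-hashes weak records once the user proves knowledge of the password. The record layout (unsalted 40-character hex digests), the `pbkdf2$salt$hash` format, the function names and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re

ITERATIONS = 600_000                       # assumed PBKDF2 work factor
SHA1_HEX = re.compile(r"[0-9a-f]{40}")

def classify(stored: str) -> str:
    """Label how one stored credential value is protected."""
    if stored.startswith("pbkdf2$"):
        return "pbkdf2"
    if SHA1_HEX.fullmatch(stored):
        return "sha1"                      # bare, unsalted digest (assumed layout)
    return "plaintext"                     # heuristic: anything else is the raw password

def hash_pbkdf2(password: str, salt: bytes = b"") -> str:
    """Salted, deliberately slow hash; a fresh random salt unless one is given."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2${salt.hex()}${dk.hex()}"

def verify(password: str, stored: str) -> bool:
    """Check a login attempt against whichever format the record uses."""
    kind = classify(stored)
    if kind == "pbkdf2":
        candidate = hash_pbkdf2(password, bytes.fromhex(stored.split("$")[1]))
    elif kind == "sha1":
        candidate = hashlib.sha1(password.encode()).hexdigest()
    else:
        candidate = password
    return hmac.compare_digest(candidate.encode(), stored.encode())

def login_and_upgrade(db: dict, user: str, password: str) -> bool:
    """Authenticate, then replace a weak record with a salted PBKDF2 one."""
    stored = db.get(user)
    if stored is None or not verify(password, stored):
        return False
    if classify(stored) != "pbkdf2":
        db[user] = hash_pbkdf2(password)
    return True

def sample_db() -> dict:
    """Constructed sample records: one plaintext, two sharing one SHA1 digest."""
    weak = hashlib.sha1(b"123456").hexdigest()
    return {"alice": "qwerty", "carol": weak, "dave": weak}
```

Two users who share a password have identical records under bare SHA1, while after the upgrade their records differ because each gets its own salt.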
Here’s How the Adult Network Possibly Got Hacked:
According to CSO Online, a security researcher using the online moniker Revolver discovered Local File Inclusion vulnerabilities on the AdultFriendFinder website last month. The researcher believed that the same flaw was exploited to hack the adult network.
Friend Finder Network said the company was aware of the security incident and was looking into the matter to determine whether or not the claims were valid.
“We are aware of reports of a security incident, and we are currently investigating to determine the validity of the reports,” Diana Lynn Ballou, Friend Finder Network’s Vice President and Senior Counsel of Corporate Compliance & Litigation told CSO Online. “If we confirm that a security incident did occur, we will work to address any issues and notify any customers that may be affected.”