339 million Adult Friend Finder accounts exposed in data breach
Details of customers from Adultfriendfinder.com, Cams.com, Penthouse.com, Stripshow.com and iCams.com were exposed
In what could be one of the biggest hacks of 2016, the parent company of adult ‘dating’ website Adult FriendFinder has had more than 400 million customer details stolen.
The emails and passwords of Adultfriendfinder.com, Cams.com, Penthouse.com, Stripshow.com and iCams.com have been accessed and made available for sale in dark web markets, according to hacking notification site LeakedSource.
The company says Friend Finder Network Inc, which “operates a wide range of solutions” including the websites, had the details accessed during October 2016. LeakedSource says it has been able to verify the details of users and that the details were accessed through Local File Inclusion vulnerabilities.
In the data seen by the company, there is information on 412,214,295 customers. Adult Friend Finder, described as the ‘world’s largest sex & swinger community,’ had 339,774,493 users in the database, 62,668,630 people were registered with Cams.com, 7,176,877 Penthouse.com user details were breached, and Stripshow.com also had 1,423,192 customer details exposed.
“Passwords were stored by Friend Finder Network either in plain visible format or SHA1 hashed (peppered),” LeakedSource says in its post. Among the passwords, the most common was 123456, with more than 900,000 people using the sequence of numbers. The top 12 most common passwords in the dataset included those with common number patterns. Also commonly used were ‘password’, ‘qwerty’ and ‘qwertyuiop’. ‘Pussy,’ ‘fuckme,’ ‘fuckyou,’ and ‘iloveyou’ were among the most common passwords. Hotmail, Yahoo and Gmail were the most common types of email in the breach.
LeakedSource continues: “Neither method is considered secure by any stretch of the imagination and in addition, the hashed passwords appear to have been changed to all lowercase before storage which made them much easier to attack but means the credentials will be slightly less useful for malicious hackers to abuse in the real world.”
As well as current customer details being contained in the accessed databases, there were also details of deleted accounts. There were 15,766,727 email addresses with the @deleted.com suffix added to them.
A spokesperson for the Friend Finder Network said it was investigating the incident. “We are aware of reports of a security incident, and we are currently investigating to determine the validity of the reports,” Diana Lynn Ballou, vice president, senior counsel corporate compliance and litigation at FriendFinder Networks, said.
The data breach has certain parallels with the hack that compromised the personal details of adultery website Ashley Madison in 2015. The Ashley Madison data (of 33 million users) was smaller in number but had more personal details available: full names, street addresses, and email addresses were included in the 9.7GB data dump.
Adult Friend Finder Finds 412M Accounts Compromised
Popular adult dating site Adult Friend Finder, which bills itself as the “World’s Largest Sex & Swinger Community,” has exposed the account information of over 412 million users, in what appears to be one of the largest data breaches of 2016.
This is just the latest breach of Adult Friend Finder, following a high-profile hack of the site in May 2015 that led to the leaking of 4 million records.
The breach reportedly occurred in October, when hackers gained entry to databases of Adult Friend Finder parent company FriendFinder Networks by using a recently exposed Local File Inclusion exploit.
Officials at Adult Friend Finder said that they were warned of potential vulnerabilities and took steps to prevent a data breach.
“Over the last several weeks, Friend Finder has received a number of reports regarding potential security vulnerabilities,” said FriendFinder Networks vice president Diana Ballou, in an interview with the Telegraph. “Immediately upon learning this information, we took several steps to review the situation and bring in the right external partners to support our investigation.”
“While a number of these claims turned out to be false extortion attempts, we did identify and fix a vulnerability.”
Exactly what steps were taken, and the vulnerability they fixed, is unclear, as hackers were able to exploit Friend Finder’s network, and access emails, usernames, and passwords for a total of 412,214,295 accounts.
Users were affected across six domains owned by FriendFinder Networks, according to a report from breach notification website LeakedSource, which first made news of the breach public.
Below is a full breakdown of breached sites, courtesy of LeakedSource.
- AdultFriendFinder.com
  - 339,774,493 users
  - “World’s largest sex & swinger community”
- Cams.com
  - 62,668,630 users
  - “Where adults meet models for sex chat live through webcams”
- Penthouse.com
  - 7,176,877 users
  - Adult magazine akin to Playboy
- Stripshow.com
  - 1,423,192 users
  - Another 18+ webcam site
- iCams.com
  - 1,135,731 users
  - “Free Live Sex Cams”
- Unknown domain
  - 35,372 users
Of the 412 million accounts exposed on the breached sites, 5,650 .gov email addresses have been used to register accounts, which could lead to some awkward workplace conversations. Another 78,301 .mil emails were used to register accounts.
Passwords stored by Friend Finder Networks were either in plain visible format or SHA1 hashed, both methods that are considered dangerously insecure by experts. Additionally, hashed passwords were changed to all lowercase before storage, according to LeakedSource, which made them much easier to attack.
LeakedSource published a list of the most common passwords found in the breach, and in a depressingly familiar story, ‘123456’ and ‘12345’ took the top spots with 900 thousand and 635 thousand instances, respectively.
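The storage weaknesses LeakedSource describes in both reports above (lowercasing before a fast, peppered SHA1 with no per-account salt) are shown here next to a salted, slow alternative. This is an added example, not code from Friend Finder Networks or LeakedSource; the pepper value and how it is combined with the password, the sample accounts, and the PBKDF2 parameters are assumptions.

```python
import hashlib
import hmac
import os

PEPPER = b"constructed-pepper"  # assumption: one site-wide secret, value made up
ITERATIONS = 600_000            # assumption: PBKDF2 work factor chosen for this example


def legacy_hash(password: str) -> str:
    """Scheme as LeakedSource describes it: lowercase, then peppered SHA1.
    Prepending the pepper is an assumption; the page does not say how it was mixed in."""
    return hashlib.sha1(PEPPER + password.lower().encode()).hexdigest()


def hardened_hash(password: str, salt: bytes = b"") -> tuple:
    """Per-account random salt plus a slow KDF; the password's case is preserved."""
    salt = salt or os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key


def hardened_verify(password: str, salt: bytes, key: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, key)


def keyspace_loss(length: int) -> float:
    """Factor by which lowercasing shrinks an alphanumeric search space."""
    return (62 ** length) / (36 ** length)


if __name__ == "__main__":
    # Constructed sample accounts, not data from the breach.
    accounts = {"alice": "Winter2016", "bob": "winter2016", "carol": "WINTER2016"}

    # Legacy scheme: three different passwords collapse to one stored digest.
    legacy = {user: legacy_hash(pw) for user, pw in accounts.items()}
    print("distinct legacy digests:", len(set(legacy.values())))

    # Hardened scheme: every account gets its own salt and its own key.
    hardened = {user: hardened_hash(pw) for user, pw in accounts.items()}
    print("distinct hardened keys:", len({key for _, key in hardened.values()}))

    salt, key = hardened["alice"]
    print("wrong-case login accepted:", hardened_verify("winter2016", salt, key))
    print("8-char keyspace shrinks by x%.0f" % keyspace_loss(8))
```

Because the legacy digest depends only on the lowercased password, every account using ‘123456’ stores the same value, which is why one recovered password applies to all of those accounts at once.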