AdultFriendFinder hacked, 412 million accounts in jeopardy

Let's face it. Adult sites are just begging to be hacked, seen as treasure troves not just of sensitive data but also of details that most people would prefer to keep secret. Of course, that hasn't stopped said people from flocking to these kinds of networks anyway. Case in point is a recent hack that target the Friend Finder Network, which includes AdultFriendFinder, Cams, and Penthouse, among other sites, which has yielded more than 400 million customer accounts representing 20 years worth of data.

Breach notification website LeakedSource claims that this is the biggest hack ever. It eclipses the MySpace hack that bore 360 million user accounts. The exact number for Friend Finder? 412,214,295 accounts. Supposedly verified "real" accounts.

And it isn't even Friend Finder's first hack either. Back in 2015, the network was already breached, which resulted in a more "interesting" data set, which included each user's sexual preferences, and possibly dirty laundry. It seems that wasn't enough of a wake up call for the network, and now more than 412 million users might pay the price for the lack of diligence and vigilance.

Somewhat fortunately, at least for now, LeakedSource has decided not to make the data set publicly searchable. It did, however, invite media to take a look themselves in order to verify it was the real deal. Unfortunately, it turns out to be exactly that.

To add insult to injury, the breach revealed Friend Finder Network's hopefully not intentionally incompetent handling of sensitive user information. For example, passwords were stored either in plain text or very weakly encrypted. And it appears that Friend Finder never really deleted accounts, which would explain the 400 million accounts. Instead, they simply appended "@deleted" to the user's e-mail address but kept all the data intact. They were just invisible, but not to hackers.

Friend Finder Networks has not yet confirmed the massive breach. It did however, say that there have been reports of security vulnerabilities, one of which was supposedly already fixed. Given the severity of the situation, not to mention potential legal liabilities, it won't be surprising if they try to keep matters a secret. Not that they're very good at it anyway, it seems.

SOURCE: LeakedSource