AdultFriendFinder may have been hacked, exposing 400 million accounts

AdultFriendFinder may have been hacked, exposing 400 million accounts


Hacked, again.
Image: AdultFriendFinder

UPDATE: Nov. 15, 2016, 9:17 a.m. AEDT FriendFinder Networks told Mashable the company has received a number of reports regarding potential security vulnerabilities.

“Immediately upon learning this information, we took several steps to review the situation and bring in the right external partners to support our investigation. Our investigation is ongoing but we will continue to ensure all potential and substantiated reports of vulnerabilities are reviewed and if validated, remediated as quickly as possible.

“FriendFinder takes the security of its customer information seriously and is in the process of notifying affected users to provide them with information and guidance on how they can protect themselves. We will provide further updates as our investigation continues.”


For the last time, “123456” is not an okay password, people.

The sex and dating site AdultFriendFinder has been hacked for the second time (that we know of), according to the breach notification website LeakedSource, and the world’s truly lousy password habits have again been exposed in the process.

The breach reportedly occurred in October, with more than 400 million accounts from over two decades now leaked. In addition to Adultfriendfinder.com, user information from sites like Stripshow.com and Penthouse.com was also dumped online.

The California-based Friend Finder Networks, AdultFriendFinder’s parent company, claims that 700 million people engage with at least one of their sites. User data from its property Cam.com, “one of the largest providers of live model webcams in the world,” was also included in the hack.

Unsurprisingly, the passwords revealed in the latest data haul are terrible.

READ  Apple just sued a key iPhone partner for $1 billion

The top three most used passwords? “123456,” “12345” and “123456789.” You have to go through the list to number 13 until you find the slightly more original but still spectacularly useless “pussy.”

LeakedSource also selected some of the longest real passwords it managed to find. Random sample: “schrodingersfavouritecat,” “ilovemanchesterunited” and “carlosfromcancun.”

The top three most used passwords? “123456,” “12345” and “123456789.”

Echoing the AshleyMadison saga of 2015, it seems around 15,766,727 AdultFriendFinder deleted accounts were not in fact deleted. In the affair site’s case, the passwords were similarly dumb.

A large amount of the passwords were also insecurely stored in clear-text by the site an unacceptable move, as LeakedSource pointed out, given the site already went through a significant hack in 2015.

The personal data of nearly 4 million users was exposed in May 2015, including IP addresses, birth dates, usernames and even sexual orientation.

READ  Dubai and Saudi Arabia towers in time war to be world's tallest

ZDNet obtained a potion of the most recently hacked database to verify, and found it did not appear to contain sexual preference information.

Friend Finder Networks confirmed the site’s security vulnerabilities to the publication, but did not explicitly state the hack had occurred.

“Over the past several weeks, FriendFinder has received a number of reports regarding potential security vulnerabilities from a variety of sources,” Diana Ballou, vice president and senior counsel, told ZDNet.

“Immediately upon learning this information, we took several steps to review the situation and bring in the right external partners to support our investigation.”

Mashable has reached out to Friend Finder Networks for further clarification.

Read more: http://mashable.com/2016/11/13/adultfriendfinder-hacked-again-passwords/

Top