AdultFriendFinder Network Hack Puts 412 Million Accounts At Risk
A recent report from LeakedSource reveals that a hack targeting Friend Finder Network has exposed over 412 million accounts with most of them (339 million) belonging to sex hookup site AdultFriendFinder. That also includes over 15 million "deleted" accounts that were not purged from the databases. In addition, the hack also compromised accounts at Cams.com (62 million), Penthouse (7 million) and a handful of smaller sites.
The vulnerable data includes some particularly sensitive details. While it is not as bad as a 2015 breach, where sexual preferences were in the clear, the hack has revealed usernames, purchasing patterns, internet addresses and easy to crack (or in some cases, unprotected) passwords. ZDNet has verified that at least some of the accounts are real.
The attack happened at around the same time as one security researcher, known as Revolver, disclosed a local file inclusion flaw on the AdultFriendFinder site, which if successfully exploited could allow an attacker to remotely run malicious code on the web server. However, it is not known who carried out this most recent hack.
Friend Finder Networks confirmed the site vulnerability, but would not outright confirm the breach. However, according to an email from Diana Ballou, vice president, and senior counsel, they did note that they have received reports of "potential security vulnerabilities".
Over the past several weeks, FriendFinder has received several reports regarding potential security vulnerabilities from a variety of sources. Immediately upon learning this information, we took several steps to review the situation and bring in the right external partners to support our investigation.
While a number of these claims proved to be false extortion attempts, we did identify and fix a vulnerability that was related to the ability to access source code through an injection vulnerability. FriendFinder takes the security of its customer information seriously and will provide further updates as our investigation continues.
While the chances of someone going on a shopping spree with this info are slim, there is still plenty of risks involved. Login details can reveal identities and open the door to account hijacks, and the age of the database raises the extra potential for mischief. So, if you are a user or if you have used the AdultFriendFinder service or any of the other services under the Friend Finder Network, you will want to double check your email passwords and change it. In addition, please remember that even if you have stopped using those websites, there is a chance your info could have been stolen.