A massive data breach has exposed over 400 million user accounts in the Friend Finder Network, which hosts Adult Friend Finder, one of the largest dating sites as well. To be able to put in perspective, at the time of the Ashley Madison scandal, “only” 32 million accounts were exposed.
339 million of the hacked accounts were registered to Adult Friend Finder, 62 million on Cams.com, 7 million on Penthouse.com, and some accounts were hacked on iCams and Stripshow.com. These numbers also include 15 million deleted accounts which were not purged from their system. According to Leakedsource, the data is worth of two decades.
From their blog, it also turns out, that the reason why such a huge batch of accounts could be hacked, is that Friend Finder Network used allegedly very poor security measures to keep their stored information safe. Not much before the breach, security expert called “Revolver” has disclosed a local file inclusion flaw to the public, but denies any connection with the actual breaching. He claims, a Russian hacking site is responsible for the act.
Either way, as it seems, the sites did not use satisfactory security measures against hackers. As it can be read on the Leakedsource blog, passwords were stored in plain visible format, database passwords were very generic, also deleted accounts were named based on a very simple scheme, such as firstname.lastname@example.org@deleted1.com. All in all, for someone with malicious intent and a bit of know-how, their database was kind of a freebie.
However, this was not the first time, their database has been hacked into, last year 3.5 million accounts were exposed.