Pierluigi Paganini November 13, 2016

The company that owns AdultFriendFinder and other adult websites has been hacked, data breach exposes 412 million accounts making this the largest 2016 hack

Almost every account password was cracked, thanks to the company’s poor security practices. Even “deleted” accounts were found in the breach.

A new massive data breach is in the headlines, the victim is the adult dating and entertainment website Friend Finder Network. The data breach has exposed more than 412 million accounts, 339 million of which from the AdultFriendFinder.com and over 15 million “deleted” accounts that were still present in the database.

A close look at the databases revealed that 62 million belong to Cams.com, and 7 million from Penthouse.com, the remaining records come from other brands of Friend Finder Network.

Below data provided by the data breach notification LeakedSource that examined the stolen data:

“Friend Finder Network Inc is a company that operates a wide range of 18+ services and was hacked in October of 2016 for over 400 million accounts representing 20 years of customer data which makes it by far the largest breach we have ever seen — MySpace gets 2nd place at 360 million. This event also marks the second time Friend Finder has been breached in two years, the first being around May of 2015.” reads the post published by LeakedSource.

A list of sites we have verified, how many affected accounts and a brief description are as follows:

• Adultfriendfinder.com
  • 339,774,493 users
  • “World’s largest sex & swinger community”
• Cams.com
  • 62,668,630 users
  • “Where adults meet models for sex chat live through webcams”
• Penthouse.com
  • 7,176,877 users
  • Adult magazine akin to Playboy
• Stripshow.com
  • 1,423,192 users
  • Another 18+ webcam site
• iCams.com
  • 1,135,731 users
  • “Free Live Sex Cams”
• Unknown domain
  • 35,372 users

It seems that attackers exploited a local file inclusion flaw in the AdultFriendFinder website that was first reported by the security researcher known as Revolver.

Revolver explained that the exploitation of the flaw on the AdultFriendFinder site could allow a remote attacker to run malicious code on the target web server.

It is still a mystery who is behind the data breach, Revolver denied any involvement in the attack, he blamed users of Russian hacking site instead.

This is the second time Friend Finder Networks is breached by hackers, the first attack occurred in May of 2015 when the attackers exposed almost 4 million accounts.

The analysis of the three largest site’s databases revealed that stolen data includes email addresses, usernames, passwords, site membership data, the IP address last used to log in, and date of the last visit.

The databases don’t contain sexual preference information, unlike the previous data breach.

The users’ passwords were either stored in plaintext or hashed with the SHA-1, which makes easy for hackers to crack them.

LeakedSource already crack 99 percent of all the passwords included in the databases.

Below the list of the Top Ten Passwords from AdultFriendFinder website:

LeakedSource also published a table of top email providers used, from AdultFriendFinder.com only. The vast majority emails are @hotmail.com (96,487,200), @yahoo.com (74,563,930), and @gmail.com (61,754,102).

“There are 5,650 .gov registered emails on all websites combined and 78,301 .mil emails.” states LeakedSource.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – AdultFriendFinder, data breach)