Secrets for hundreds of millions exposed in largest hack of 2016: Friend Finder Network
From LeakedSource.com:
Friend Finder Network Inc is a company that operates a wide range of 18+ services and was hacked in October of 2016 for over 400 million accounts representing 20 years of customer data which makes it by far the largest breach we have ever seen — MySpace gets 2nd place at 360 million. This event also marks the second time Friend Finder has been breached in two years, the first being around May of 2015.
A list of sites we have verified, how many affected accounts and a brief description are as follows:
- Adultfriendfinder.com
- 339,774,493 users
- “World’s largest sex & swinger community”
- Cams.com
- 62,668,630 users
- “Where adults meet models for sex chat live through webcams”
- Penthouse.com
- 7,176,877 users
- Adult magazine akin to Playboy
- Stripshow.com
- 1,423,192 users
- Another 18+ webcam site
- iCams.com
- 1,135,731 users
- “Free Live Sex Cams”
- Unknown domain
- 35,372 users
Total: 412,214,295 affected users
How did it happen? They were hacked via a Local File Inclusion exploit and you can read more about the situation when it was initially reported from this link.
Read more on LeakedSource.com.
Zack Whittaker of ZDNet obtained some of the data and attempted to verify it. He reports:
ZDNet obtained a portion of the databases to examine. After a thorough analysis, the data does not appear to contain sexual preference data unlike the 2015 breach, however.
The three largest site’s SQL databases included usernames, email addresses, and the date of the last visit, and passwords, which were either stored in plaintext or scrambled with the SHA-1 hash function, which by modern standards isn’t cryptographically as secure as newer algorithms.
Read more on ZDNet.
Steve Ragan of CSO Online also has additional details on the incident that you’ll want to read.
There will obviously be much more coverage and analysis of this breach in the weeks, months, and even years to come. The most deadly questions may be those that ask FFN what they did following the first breach to prevent this second breach.