The account information of over 412 million FriendFinder users has been compromised in a colossal breach that raided six of the adult-dating company’s databases.
FriendFinder Networks hosts a number of adult-oriented websites that offer a range of services, from dating to livestream sex chat. The massive leak exposes the usernames, member information, email addresses, passwords and IP addresses of millions of past and current users.
Among the user information are over 5,000 government-registered email addresses, 78,000 military email addresses and information on over 15 million un-purged deleted accounts stretching back 20 years.
It’s feared that this information, now available on dark web marketplaces, could be used by criminals to potentially identify individuals and target them for extortion or phishing—especially given the nature of the services that FriendFinder provides.
In a statement to the Daily Dot, a FriendFinder Network spokesperson said the company has taken “several steps to review the situation and bring in the right external partners to support our investigation.” The company says its investigation is “ongoing” and will “continue to ensure all potential and substantiated reports of vulnerabilities are reviewed and if validated, remediated as quickly as possible.”
Security researchers at LeakedSource disclosed the scope of the hack in a blog post published on Sunday. Without publicly publishing the data, the researchers verified that 339 million users of the AdultFriendFinder service, which markets itself as the “world’s largest sex and swinger community,” were affected. A further 72 million accounts belong to users of FriendFinder’s other adult-oriented verticals, including Cams.com, Stripshow.com, iCams.com, and Penthouse.
The vulnerability had been pointed out by a security researcher known as 1x0123, or Revolver, in mid-October. Posting screenshots on a since-suspended Twitter feed, 1x0123 identified a Local File Inclusion exploit. It was this vulnerability that is alleged to have resulted in the hack.
The vulnerability meant that sensitive login information of millions of users had been stored mostly in plaintext, and in some places hashed with the dated SHA-1 hash function. The SHA-1 algorithm is not considered secure by current cryptographic standards.
ZDNet was able to independently verify the authenticity of LeakedSource’s report after being given access to a sample of the leaked database. After ZDNet contacted a number of the email addresses, individuals confided that they were or had been account holders at one of the FriendFinder websites, and one remarked that he was “unsurprised” by the breach.
Of course, the skepticism is not unwarranted because this is not the first time that FriendFinder has succumbed to a serious hack. In May 2015, over 3.5 million of the company’s users had their data stolen in a hack reminiscent of that which adult-dating site Ashley Madison suffered. However, this latest breach exceeds all others in sheer size.
FriendFinder Network has vowed to provide more information about the breach if it becomes available.
Update: 10:55am CT, Nov. 14: Added comment from FriendFinder Network.
David Gilmour is a reporter who specializes in national politics, internet culture, and technology.