The account information of over 412 million FriendFinder users has been compromised in a colossal breach that raided six of the adult-dating company’s databases.
FriendFinder Networks hosts a number of adult-oriented websites that offer a range of services, from dating to livestream sex chat. The massive leak exposes the usernames, member information, email addresses, passwords and IP addresses of millions of past and current users.
Among the user information are over 5,000 government-registered email addresses, 78,000 military email addresses and information on over 15 million deleted accounts that were never purged, stretching back 20 years.
It’s feared that this information, now available on dark web marketplaces, could be used by criminals to potentially identify individuals and target them for extortion or phishing—especially given the nature of the services that FriendFinder provides.
In a statement to the Daily Dot, a FriendFinder Network spokesperson said the company has taken “several steps to review the situation and bring in the right external partners to support our investigation.” The company says its investigation is “ongoing” and will “continue to ensure all potential and substantiated reports of vulnerabilities are reviewed and if validated, remediated as quickly as possible.”
Security researchers at LeakedSource disclosed the scope of the hack in a blog post published on Sunday. Without publishing the data publicly, the researchers verified that 339 million users of the AdultFriendFinder service, which markets itself as the “world’s largest sex and swinger community,” were affected. A further 72 million accounts belong to users of FriendFinder’s other adult-oriented verticals, including Cams.com, Stripshow.com, iCams.com, and Penthouse.
The vulnerability had been pointed out by a security researcher known as 1x0123, or Revolver, in mid-October. Posting screenshots on a since-suspended Twitter feed, 1x0123 identified a Local File Inclusion exploit. It is this vulnerability that is alleged to have resulted in the hack.
The breach revealed that sensitive login information of millions of users had been stored mostly in plaintext, and in some places hashed with the dated SHA-1 function. The SHA-1 algorithm is not considered secure by current cryptographic standards.
ZDNet was able to independently verify the authenticity of LeakedSource’s report after being given access to a sample of the leaked database. When ZDNet contacted a number of the email addresses, individuals confided that they were or had been account holders at one of the FriendFinder websites, and one remarked that he was “unsurprised” by the breach.
That reaction is not unwarranted, because this is not the first time that FriendFinder has succumbed to a serious hack. In May 2015, over 3.5 million of the company’s users had their data stolen in a hack reminiscent of the one that adult-dating site Ashley Madison suffered. However, this latest breach exceeds all others in sheer size.
FriendFinder Network has vowed to provide more information on the breach if it becomes available.
Update: 10:55am CT, Nov. 14: Added comment from FriendFinder Network.
David Gilmour is a reporter who specializes in national politics, internet culture, and technology.