FriendFinder hack: Over 400 million accounts of dating and porn sites exposed
Thousands of government and military email accounts were found in the database.
The account information of over 412 million FriendFinder users has been compromised in a colossal breach that raided six of the adult-dating company’s databases.
FriendFinder Networks hosts a number of adult-oriented websites that offer a range of services, from dating to livestream sex chat. The massive leak exposes the usernames, member information, email addresses, passwords and IP addresses of millions of past and current users.
Among the user information are over 5,000 government-registered email addresses, 78,000 military email addresses and information on over 15 million un-purged deleted accounts stretching back 20 years.
It’s feared that this information, now available on dark web marketplaces, could be used by criminals to potentially identify individuals and target them for extortion or phishing—especially given the nature of the services that FriendFinder provides.
In a statement to the Daily Dot, a FriendFinder Network spokesperson said the company has taken “several steps to review the situation and bring in the right external partners to support our investigation.” The company says its investigation is “ongoing” and will “continue to ensure all potential and substantiated reports of vulnerabilities are reviewed and if validated, remediated as quickly as possible.”
Security researchers at LeakedSource disclosed the scope of the hack in a blog post published on Sunday. Without publicly publishing the data, the researchers verified that 339 million users of the AdultFriendFinder service, which markets itself as the “world’s largest sex and swinger community,” were affected. A further 72 million accounts belong to users of FriendFinder’s other adult-oriented verticals, including Cams.com, Stripshow.com, iCams.com, and Penthouse.
The vulnerability had been pointed out by a security researcher known as 1x0123, or Revolver, in mid-October. Posting screenshots on a since-suspended Twitter feed, 1x0123 identified a Local File Inclusion exploit. It was this vulnerability that is alleged to have resulted in the hack.
The breach revealed that sensitive login information of millions of users had been stored mostly in plaintext, and in some places hashed with the dated SHA-1 function. The SHA-1 algorithm is not considered secure by current cryptographic standards.
ZDNet was able to independently verify the authenticity of LeakedSource’s report after being given access to a sample of the leaked database. After contacting a number of email addresses, individuals confided that they were or had been account holders at one of the FriendFinder websites and one remarked that he was “unsurprised” by the breach.
Of course, the skepticism is not unwarranted because this is not the first time that FriendFinder has succumbed to a serious hack. In May 2015, over 3.5 million of the company’s users had their data stolen in a hack reminiscent of that which adult-dating site Ashley Madison suffered. However, this latest breach exceeds all others in sheer size.
FriendFinder Network has vowed to provide more information about the breach if it becomes available.
Update: 10:55am CT, Nov. 14: Added comment from FriendFinder Network.
David Gilmour is a reporter who specializes in national politics, internet culture, and technology. He previously covered civil liberties, crime, and politics for Vice.