The account information of over 412 million FriendFinder users has been compromised in a colossal breach that raided six of the adult-dating company’s databases.
FriendFinder Networks hosts a range of adult-oriented websites offering services from dating to livestream sex chat. The massive leak exposes the usernames, member information, email addresses, passwords and IP addresses of millions of past and current users.
Among the user information are over 5,000 government-registered email addresses, 78,000 military email addresses and information on over 15 million un-purged deleted accounts stretching back 20 years.
It’s feared that this information, now available on dark web marketplaces, could be used by criminals to potentially identify individuals and target them for extortion or phishing—especially given the nature of the services that FriendFinder provides.
In a statement to the Daily Dot, a FriendFinder Networks spokesperson said the company has taken “several steps to review the situation and bring in the right external partners to support our investigation.” The company says its investigation is “ongoing” and will “continue to ensure all potential and substantiated reports of vulnerabilities are reviewed and if validated, remediated as quickly as possible.”
Security researchers at LeakedSource disclosed the scope of the hack in a blog post published on Sunday. Without publicly publishing the data, the researchers verified that 339 million users of the AdultFriendFinder service, which markets itself as the “world’s largest sex and swinger community,” were affected. A further 72 million accounts belong to users of FriendFinder’s other adult-oriented verticals, including Cams.com, Stripshow.com, iCams.com, and Penthouse.
The vulnerability had been pointed out by a security researcher known as 1x0123, or Revolver, in mid-October. Posting screenshots on a since-suspended Twitter feed, 1x0123 identified a Local File Inclusion vulnerability. This vulnerability is alleged to have resulted in the hack.
The breach revealed that sensitive login information of millions of users had been stored mostly in plaintext, and in some places hashed with the dated SHA-1 function. The SHA-1 algorithm is not considered secure by current cryptographic standards.
ZDNet was able to independently verify the authenticity of LeakedSource’s report after being given access to a sample of the leaked database. After a number of the email addresses were contacted, individuals confided that they were or had been account holders at one of the FriendFinder websites, and one remarked that he was “unsurprised” by the breach.
That skepticism is not unwarranted: this is not the first time that FriendFinder has succumbed to a serious hack. In May 2015, over 3.5 million of the company’s users had their data stolen in a hack reminiscent of the one that adult-dating site Ashley Madison suffered. However, this latest breach exceeds all others in sheer size.
FriendFinder Networks has vowed to provide more information about the breach if it becomes available.
Update: 10:55am CT, Nov. 14: Added comment from FriendFinder Networks.
David Gilmour is a reporter who specializes in national politics, internet culture, and technology. He previously covered civil liberties, crime, and politics for Vice.