Prime Inspiration

AdultFriendFinder Network Hack Puts 412 Million Accounts At Risk

by

Haridas Gowra
in
Password Stealing
Password Stealing

A recent report from LeakedSource reveals that a hack targeting Friend Finder Network has exposed over 412 million accounts with most of them (339 million) belonging to sex hookup site AdultFriendFinder. That also includes over 15 million “deleted” accounts that were not purged from the databases. In addition, the hack also compromised accounts at Cams.com (62 million), Penthouse (7 million) and a handful of smaller sites.

The vulnerable data includes some particularly sensitive details. While it is not as bad as a 2015 breach, where sexual preferences were in the clear, the hack has revealed usernames, purchasing patterns, internet addresses and easy to crack (or in some cases, unprotected) passwords. ZDNet has verified that at least some of the accounts are real.

The attack happened at around the same time as one security researcher, known as Revolver, disclosed a local file inclusion flaw on the AdultFriendFinder site, which if successfully exploited could allow an attacker to remotely run malicious code on the web server. However, it is not known who carried out this most recent hack.

Friend Finder Networks confirmed the site vulnerability, but would not outright confirm the breach. However, according to an email from Diana Ballou, vice president, and senior counsel, they did note that they have received reports of “potential security vulnerabilities”.

Over the past several weeks, FriendFinder has received several reports regarding potential security vulnerabilities from a variety of sources. Immediately upon learning this information, we took several steps to review the situation and bring in the right external partners to support our investigation.

While a number of these claims proved to be false extortion attempts, we did identify and fix a vulnerability that was related to the ability to access source code through an injection vulnerability. FriendFinder takes the security of its customer information seriously and will provide further updates as our investigation continues.

While the chances of someone going on a shopping spree with this info are slim, there is still plenty of risks involved. Login details can reveal identities and open the door to account hijacks, and the age of the database raises the extra potential for mischief. So, if you are a user or if you have used the AdultFriendFinder service or any of the other services under the Friend Finder Network, you will want to double check your email passwords and change it. In addition, please remember that even if you have stopped using those websites, there is a chance your info could have been stolen.

 

Tags:

, , ,
Haridas Gowra Avatar
Haridas Gowra
Loves space, gadgets, comics and believes PC is superior to consoles.

Help Us Grow

If you like this post, please share it with your friends.

You are free to copy and redistribute this article in any medium or format, as long as you keep the links in the article or provide a link back to this page.

Subscribe to Newsletter

Privacy Settings

Privacy & Cookie Overview

Our website uses cookies to provide you with the best user experience possible. These cookies are stored in your browser and perform essential functions such as recognizing you when you return to our website, as well as helping us to understand which sections of the website you find most useful and engaging.

To learn more, you can read our Privacy & Cookie Policy or reach out through our Contact form.

Strictly Necessary Cookies

Strictly Necessary Cookies must always be enabled to ensure the proper functioning of this website and to allow us to provide you with excellent service. These cookies are also essential for saving your cookie preferences.

Google Adsense

We use Google AdSense to keep this site free by displaying relevant ads. AdSense requires essential cookies that cannot be disabled, but you can manage other cookies. We respect your privacy and provide options to control non-essential cookies.

For more details on how Google handles your data, visit Google's Data Usage Policy. Please review our Privacy Policy for more information on how we protect your data.

AddToAny

We use AddToAny for social sharing. It doesn’t store cookies, ensuring a privacy-friendly experience. AddToAny complies with GDPR and CCPA by default.

For more, see their Privacy Policy.

OneSignal

We use OneSignal to send notifications to users who opt in. OneSignal complies with GDPR and is certified under the EU-US and Swiss-US Privacy Shield frameworks.

For more, see their Privacy Policy.

3rd Party Cookies

This website utilizes third-party cookies, which can enhance your experience and support our ongoing efforts to improve our services.

Google Analytics

We use Google Analytics to collect anonymous data, such as visitor numbers and popular pages, to improve user experience and site performance. Keeping this cookie enabled helps us refine the site based on visitor activity.

For more information, see Google’s Privacy Policy.

Discover more from Prime Inspiration

Subscribe now to keep reading and get access to the full archive.

Continue reading