AdultFriendFinder Data Breach Exposes 300M Accounts, Even Those Deleted: Ashley Madison Hack Suddenly Seems Small
More than 300 million AdultFriendFinder accounts have reportedly been exposed in a massive data breach that hit adult dating service Friend Finder Network.
The large Friend Finder Network has a number of assets and the hack reportedly compromised a whopping 412 million accounts, email addresses and passwords from its websites, dumping them on the black market.
Of that 412 million, more than 300 million were AdultFriendFinder accounts, more than 60 million were from Cams.com, while other affected holdings include Stripshow, Penthouse and iCams, breach notification website LeakedSource reports. In total, 412,214,295 accounts were affected.
The database did not include information as detailed as the Ashley Madison data did, but it could still confirm whether an individual used the service.
Millions Of Deleted User Accounts Still Stored, Now Breached
The massive data breach shed light on another sensitive matter: it seems the company continued to store information on 15 million accounts even though users had deleted them. At the same time, it also kept information for former assets no longer in its possession, such as Penthouse.
With more than 300 million AdultFriendFinder accounts compromised, this massive data breach easily trumps the Ashley Madison hack that exposed 32 million accounts. On the other hand, the Ashley Madison breach was more sensitive because the site kept intimate information such as users' sexual preferences, fetishes, fantasies and the like. Moreover, Ashley Madison was hacked because it was an adultery website, and it was warned that hacked data would end up online if it did not shut down operations.
With AdultFriendFinder, things are a little different. CSO Online reports that a security researcher known as Revolver found Local File Inclusion vulnerabilities on the website last month.
Not long after, a Friend Finder Network executive told CSO Online that the company was aware of the security incident reports and was looking into the matter to determine whether the claims were valid. The hack seems to prove the vulnerabilities were indeed exploitable.
Nevertheless, this is not the first time that AdultFriendFinder has faced such issues. The site was also hacked back in May 2015, exposing 3.5 million user accounts.
Poor Or Nonexistent Encryption
LeakedSource further reveals that Friend Finder Network didn't really go through the trouble of protecting stored data so that it would remain somewhat protected in case of a breach. The company stored user passwords either in plain visible format or hashed with Secure Hash Algorithm 1 (SHA-1), which is not regarded as secure.
Unlike the 2015 breach, however, the data stolen now doesn't appear to include sexual preference data, ZDNet points out, after obtaining part of the hacked database and confirming its validity. Nevertheless, account usernames, emails, passwords, IP addresses, browser information, last login details and other information were easily visible.
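As an added illustration (not code from the article, LeakedSource or Friend Finder Network), the sketch below shows how a defender could migrate password records stored the way this section describes, in plain text or as bare SHA-1, to a salted and deliberately slow format. It goes beyond the article by covering dormant accounts as well as active ones. The `scheme$...` record layout, the function names, the choice of PBKDF2-HMAC-SHA256 and the iteration count are all assumptions of this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this example; tune per hardware

# Constructed sample rows in the two legacy formats (not real breach data).
SAMPLE = {"alice": "plain$hunter2",
          "bob": "sha1$" + hashlib.sha1(b"letmein").hexdigest()}

def _pbkdf2(secret: bytes, salt: bytes) -> str:
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS).hex()

def _sha1_hex(password: str) -> bytes:
    return hashlib.sha1(password.encode()).hexdigest().encode()

def new_record(password: str) -> str:
    """Salted, slow record for a password currently held in memory."""
    salt = os.urandom(16)
    return f"pbkdf2${salt.hex()}${_pbkdf2(password.encode(), salt)}"

def wrap_legacy(stored: str) -> str:
    """Offline upgrade for dormant accounts: needs no login from the user."""
    scheme, _, value = stored.partition("$")
    if scheme == "plain":
        return new_record(value)
    if scheme == "sha1":  # stretch the old digest so no bare SHA-1 stays at rest
        salt = os.urandom(16)
        return f"pbkdf2-sha1${salt.hex()}${_pbkdf2(value.encode(), salt)}"
    return stored  # already in a slow format

def verify(password: str, stored: str) -> tuple[bool, str]:
    """Return (ok, record to store); legacy records are replaced on success."""
    scheme, _, value = stored.partition("$")
    if scheme == "plain":
        ok = hmac.compare_digest(password.encode(), value.encode())
    elif scheme == "sha1":
        ok = hmac.compare_digest(_sha1_hex(password), value.encode())
    elif scheme in ("pbkdf2", "pbkdf2-sha1"):
        salt_hex, digest = value.split("$")
        secret = password.encode() if scheme == "pbkdf2" else _sha1_hex(password)
        candidate = _pbkdf2(secret, bytes.fromhex(salt_hex))
        ok = hmac.compare_digest(candidate.encode(), digest.encode())
        if ok and scheme == "pbkdf2":
            return True, stored  # already in the target format
    else:
        return False, stored  # unknown scheme: reject
    return ok, (new_record(password) if ok else stored)
```

Running `wrap_legacy` over every row removes plaintext and bare SHA-1 values from the table immediately, while `verify` finishes the migration to the plain `pbkdf2` format the next time each user logs in.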
20 Years' Worth Of Data
The massive data breach that hit Friend Finder Network reportedly exposed 20 years' worth of data the company had been storing.
The company has yet to offer additional comments or explain why it was still storing information on accounts deleted long ago, but should offer a statement soon enough.