[11/14/16] Adult dating and pornography site company Friend Finder Networks has been hacked, exposing the private details of over 412 million accounts and making it the largest data breach ever recorded, according to monitoring firm Leaked Source.
The attack, which took place in October, resulted in email addresses, passwords, dates of last visits, browser information, IP addresses and site membership status across sites run by Friend Finder Networks being exposed.
It s the biggest breach in terms of number of users since the 2013 leak of 359 million MySpace users’ details.
Friend Finder Networks operates “one of the world’s largest sex hookup” sites Adult Friend Finder, which has “over 40 million members” that log in at least once every two years, and over 339m accounts. It also runs live sex camera site Cams.com, which has over 62m accounts, adult site Penthouse.com, which has over 7m accounts, and Stripshow.com, iCams.com and an unknown domain with more than 2.5m accounts between them.
Friend Finder Networks vice president and senior counsel, Diana Ballou, told ZDnet: “FriendFinder has received a number of reports regarding potential security vulnerabilities from a variety of sources. While a number of these claims proved to be false extortion attempts, we did identify and fix a vulnerability that was related to the ability to access source code through an injection vulnerability.”
Ballou also said that Friend Finder Networks brought in outside help to investigate the hack and would update customers as the investigation continued, but would not confirm the data breach.
Leaked Source, a data breach monitoring service, said of the Friend Finder Networks hack: “Passwords were stored by Friend Finder Networks either in plain visible format or SHA1 hashed (peppered). Neither method is considered secure by any stretch of the imagination.”
The hashed passwords seem to have been altered to be all in lowercase, rather than case specific as entered by the users originally, which makes them easier to break, but possibly less useful for malicious hackers, according to Leaked Source.