Move over, Ashley Madison. Adult Friend Finder’s security breach may be the largest on record. A massive hack on the adult dating and hookup FriendFinder network has exposed more than 400 million users’ private and senstive information, according to a report from breach notification website Leaked Source.
The hack revealed data on over 339 million accounts on AdultFriendFinder.com, which hails itself as the “world’s largest sex & swinger community.” That also includes the over 15 million now “deleted” accounts that weren’t purged from the databases.
It’s also affiliated with its sites such as Penthouse.com and Cams.com, according to Leaked Source report. In addition, 62 million accounts from Cams.com and with 7 million accounts from Penthouse were stolen as well, along with a few million accounts from other smaller websites owned by the company. The data hack counts for up to two decades’ worth of data from the company’s largest sites, according to Leaked Source.
According to Leaked Source, the hack happened via a Local File Inclusion exploit. The attack happened around the same time as one security researcher, called Revolver, disclosed a local file inclusion flaw on the Adult Friend Finder website, which successfully exploited the data once an attacker runs malicious code on the web server.
Leaked Source did not make the data search by a public domain. In a statement released via The Washington Post, FriendFinder Networks said it is currently investigating the situation, though it did not deny or confirm a hack.
“Over the past several weeks, FriendFinder has received a number of reports regarding potential security vulnerabilities form a variety of sources. Immediately upon learning this information, we took several steps to review the situation and bring in the right external partners to support our investigation,” the statement read.
It is also not clear who is behind this latest hack. When asked, Revolver denied that he was behind the data breach, and instead blamed users of an underground Russian hacking website. The data breach attack on FriendFinder Networks is the second one in recent years.
The company, which is based in California and has offices in Florida, was hacked last year. Over 4 million exposed accounts contained sensitive information, including sexual preferences and whether a user was looking for an extramarital affair.
“While a large number of these claims proved to be false extortion attempts, we did identify and fix a vulnerability that was related to the ability to access source code through an injection vulnerability,” said Diana Ballou, vice president and senior counsel, in an email released on Friday.
“FriendFinder takes the security of its customer information seriously and will provide further updates as our investigation continues,” she stated. But, when pressed on questions and details, Ballou declined to comment further.
What’s also not clear is why FriendFinder Networks has still held onto the millions of accounts belonging to Penthouse.com since that site was sold to Penthouse Global Media back in February.
“We are aware of the data hack and we are waiting on FriendFinder to give us a detailed account of the scope of the breach and their remedial actions in regard to our data,” stated Kelly Holland, the site’s chief executive, stated on Saturday. Holland has stated that the site “does not collect data regarding our members’ sexual preferences.”
The Adult Friend Finder hack is ten times larger than the 2015 Ashley Madison hack. While the Ashley Madison hack revealed sensitive information like a user’s sexual preferences and fantasies, the attack on Adult Friend Finder is massive in size. The hack exposed the personal information of politicians, celebrities, and media figures.
However, the two online dating websites are not comparable as Ashley Madison offered an online place for married people to cheat on their spouses, while Friend Finder is more of an adult community. The number of affected accounts almost rivals the Yahoo email hack that compromised 500 million email addresses.
[Featured image by Aila Images/Shutterstock]