The personal details of millions of people who signed up to “sex and swingers” websites over the past 20 years have been exposed in one of the largest ever data breaches, according to monitoring firm Leaked Source.
Some 412 million accounts linked to sites owned by FriendFinder Networks (FFN), which owns sex hook-up platforms such as Adult Friend Finder and pornography sites including Penthouse, are thought to have been compromised in a major cyber-attack that took place last month.
It is thought hackers got away with information including not only emails and passwords, but also browser information, membership details, site visit dates and purchasing patterns – all of which have the potential to be extremely embarrassing for any identifiable members should the information be made public.
In a statement, the company said: “Upon learning of the incident, the company immediately took several steps to review the situation, notified law enforcement and retained external partners to support its investigation. FFN has since taken a number of steps to remediate and, based on the investigation to date, no credit card or payment information was compromised.
“Based on the ongoing investigation, FFN has not been able to determine the exact volume of compromised information. However, because FFN values its relationship with customers and takes seriously the protection of customer data, FFN is in the process of notifying affected users to provide them with information and guidance on how they can protect themselves.”
Leaked Source said of the FFN hack: “Passwords were stored by Friend Finder Networks either in plain visible format or SHA1 hashed (peppered). Neither method is considered secure by any stretch of the imagination.”
The data breach monitoring service also noted that the leaked account details contained thousands of US government and military addresses, along with details linked to as many as 16 million accounts which had been deleted. The leak is said to include sign-in details collected over the past two decades.
In terms of size, the FFN hack is one of the largest on record, coming in just behind Yahoo!’s recently reported loss of 500 million user account details, but ahead of MySpace’s leak of 359 million usernames and passwords back in 2013.
Although much larger by comparison, the FFN data loss is reminiscent of the 2015 attack on Ashley Madison, which dubs itself as an “extramarital affair website”. While hackers were only able to access 33 million user accounts during their attack on the site, the breach resulted in at least two suicides after the cyber criminals behind the strike dumped the data they stole online, raising fears that a similar situation could occur if the FFN data is made public.
