For the second time in two years, users of the X-rated website AdultFriendFinder have had their personal information stolen in a data breach. The first data breach we told you about in 2015 affected slightly less than four million members, but the most recent hack that was just revealed is larger — much larger. A total of 412 million accounts across all of Friend Finder Network Inc.’s corporate holdings were stolen and made available in online criminal marketplaces. 300 million of those accounts were from AdultFriendFinder and the remaining 112 million were from accounts on Cams, Penthouse, Stripshow, and iCams. Of the 412 million, 15 million were “deleted” accounts.
The first to announce the AdultFriendFinder data breach was LeakedSource, which said the site was hacked in October 2016 and that the 412 million accounts represent 20 years of customer data. It’s calling this data breach the biggest its ever seen. At this time, it’s believed the information that was stolen and put online included:
- E-mail addresses
- Whether or not the user was a VIP member
- Browser information
- The last IP address used to log in
- User purchases
ZDNet reached out to AdultFriendFinder, but the company wasn’t ready to confirm the data breach publicly. In an e-mail to ZDNet, Diana Ballou, vice president and senior counsel said:
Over the past several weeks, FriendFinder has received a number of reports regarding potential security vulnerabilities from a variety of sources. Immediately upon learning this information, we took several steps to review the situation and bring in the right external partners to support our investigation.
While a number of these claims proved to be false extortion attempts, we did identity and fix a vulnerability that was related to the ability to access source code through an injection vulnerability.
FriendFinder takes the security of its customer information seriously and will provide further updates as our investigation continues.
This data breach may conjure up some memories of 2015’s Ashley Madison data breach, which resulted in the release of the private information of approximately 37 million users. The AdultFriendFinder data breach is obviously much, much larger, but some consider the hacked data to be fairly benign in comparison. In the Ashley Madison data breach, an incredible amount of personal information was dumped online — full names, addresses, phone numbers, and even credit card numbers. This was not just a treasure trove for identity thieves, but extortionists as well; the fall-out from Ashley Madison was immense.
The most sensitive data released in the AdultFriendFinder data breach included e-mail addresses and passwords, but it’s not uncommon for the individuals who use these sites to sign up with fake e-mail addresses. At this time, it’s unclear what the full effects of the AdultFriendFinder data breach will be, but we will keep you updated on any developments.