Sex hookup site targeted in world’s second largest data breach
The dating and online pornography company Friend Finder Networks has been hacked, potentially exposing private details of more than 412 million accounts. The leaks emanated from AdultFriendFinder, whose website describes it as ‘The hottest Dating, Hookup and Sex Community’. Its sister sites Cams.com, Penthouse.com, Stripshow.com and iCams.com were also targeted. At least 5.2 million UK email addresses and search history (including date of last visit, browser information, purchasing patterns, IP addresses) have potentially been exposed. It is understood that the breach covers accounts going back 20 years, including deleted accounts.
This breach surpasses the 33 million user accounts reportedly compromised following a cyberattack on the Ashley Madison adultery site in 2015. It is only superseded by the hacking of Yahoo accounts in 2014 where it was estimated that at least 500 million accounts were hacked.
The cyberattack was discovered by Leaked Source, a hack monitoring site, in October of this year. Leaked Source claims that login information was stored in a way that was easily decoded and estimated that 99% of the stolen logins were legible to hackers.
Friend Finder Networks have not confirmed any breach but vice president, Diana Ballou has said “FriendFinder has received a number of reports regarding potential security vulnerabilities from a variety of sources. While a number of these claims proved to be false extortion attempts, we did identify and fix a vulnerability that was related to the ability to access source code through an injection vulnerability”.
This is not the first time that AdultFriendFinder has been targeted by hackers. In 2015 more that 3.5 million people’s email addresses, zip codes, passwords, birthdays and sexual preferences were exposed and made available online. In some cases individuals were identified and approached by other hackers. At the time Friend Finder Networks stated that whilst it was not aware of the full scope of the breach they would continue to “work vigilantly” and stated “We cannot speculate further about this issue, but rest assured, we pledge to take the appropriate steps needed to protect our customers if they are affected”. This earlier hack was allegedly carried out by a lone individual hacker using the moniker ROR[RG]. The identity of the hackers in this most recent breach has yet to be determined.
Click here to found out how Brett Wilson privacy solicitors can assist you if your personal data has been the subject of a data leak.
Articles are intended as an introduction to the topic and do not constitute legal advice.