Adult dating service company Friend Finder Network has reportedly been hacked, with over 412 million accounts, email addresses, and passwords from their websites made available on criminal marketplaces. Notably, the database does not include more detailed personal information, but could still be used to confirm whether a person was a user of the service.
Breach notification site LeakedSource first reported the attack, indicating that over 300 million AdultFriendFinder accounts were affected, as well as over 60 million accounts from Cams.com. Other company holdings, such as Penthouse, Stripshow, and iCams were also breached, for a total of 412,214,295 affected users.
The hack also revealed that the company had kept information on 15 million accounts that users had deleted, as well as information on users for assets it no longer owned, such as Penthouse. By comparison, the Ashley Madison hack that took place in July 2015 revealed 32 million accounts, although that attack was also accompanied by a more aggressive extortion campaign.
According to CSO Online, a security researcher going by the name Revolver uncovered Local File Inclusion vulnerabilities on the site in October. Shortly thereafter, Friend Finder Network’s vice president, and senior counsel of corporate compliance & litigation, Diana Lynn Ballou provided CSO Online with a statement: “We are aware of reports of a security incident, and we are currently investigating to determine the validity of the reports.” This isn’t the first time AdultFriendFinder has run into trouble: in May 2015, 3.5 million user accounts were exposed in another hack.