Over 400 million user details have reportedly been hacked from FriendFinderNetwork’s network of adult sites, including names, email addresses, passwords and a host of other personal information.
According to LeakedSource.com , a total of 412 million users’ account details could be affected across a number of different sites owned by Friend Finder, including AdultFriendFinder, Cams.com, Penthouse.com, Stripshow.com and iCams.com among others.
The majority of those details came from AdultFriendFinder, which was also reportedly storing user passwords in either plain text or SHA1 hashed, which can be cracked with relative ease. LeakedSource.com notes that the hashed passwords had been transformed to lower case, which has the odd effect in this case of making the passwords easier to brute force, but less useful to hackers looking to gain access to other services through reused credentials.
Unfortunately, it seems that users who had deleted accounts may also be affected by the breach, as 15.7 million accounts were found with appended with “@deleted”, suggesting that the data had instead been kept in the system rather than deleted when a user deactivates an account.
And yep, you guessed it, the most used password on AdultFriendFinder was 123456, followed by six variations of the numbers 1 – 9, but all beginning with 12345. The seventh most used password, and the first to be an actual word was…password. Clearly, businesses are required to take steps to keep user data safe but the need for users to also enact some sensible security practices seemingly can’t be overstated.
Across all the reportedly hacked sites, there were 5,650 registered government (.gov) email addresses and 78,301 military .(mil) email addresses.
The hack isn’t the first problem for Friend Finder. In May 2015, nearly four million members’ details were posted online following a similar hack, which makes the poorly hashed passwords particularly disappointing if LeakedSource.com is correct.
We’ve contacted FriendFinder for a comment and will update if the company responds.
Watch The Refresh: The best tech news and gossip every week
Do you use strong passwords or just reuse a couple for different services? Let us know in the comments below!