A hack against popular adult dating and entertainment company FriendFinder Networks exposed data related to more than 412 million user accounts, according to a report from breach notification site LeakedSource.
If the report is correct, that would make the breach one of the largest on record in terms of the number of accounts affected. It would also mark the second such incident at the company in two years.
FriendFinder Networks did not confirm or deny the breach when reached by The Washington Post. But the company said in a statement that it had “received a number of reports regarding potential security vulnerabilities from a variety of sources” and was investigating. “Immediately upon learning this information, we took several steps to review the situation and bring in the right external partners to support our investigation.” the statement said.
The Adult FriendFinder data stretched back 20 years and included information such as usernames, emails, join dates and the date of a user’s last visit, according to LeakedSource. Passwords were also included in the trove — the vast majority of them featured unsecured protections or none at all, the report said.
LeakedSource said the alleged breach includes nearly 340 million accounts from flagship site Adult FriendFinder, plus data from other sites owned by FriendFinder Network, including Cams.com, as well as records from Penthouse.com, which was sold in February. The new owners of Penthouse.com, Penthouse Global Media, did not immediately respond to a request for comment. The cache may also include 15 million email addresses connected to deleted accounts, according to LeakedSource.
The data was stolen last month using a vulnerability exposed around the same time, LeakedSource reported.
The previous FriendFinder Network breach came to light in May 2015 and affected 3.5 million accounts. Both that hack and others in the adult industry, such as the 2015 Ashley Madison breach that exposed data about 36 million users, pale in comparison to the scale of the latest alleged FriendFinder Networks data dump.
In fact, if LeakedSource is correct only the massive Yahoo data breach disclosed in September, which hit over half a billion accounts, exposed more user accounts. Unlike FriendFinder Networks, Yahoo is a mainstream service.
(c) 2016, The Washington Post ยท Andrea Peterson
