Dabbling anonymously in the online adult dating and pornography market is fast becoming a risky business for internet users. Last year saw Ashley Madison, the site for people seeking affairs, get hacked. That breach had some serious consequences, including two suicides which were linked to it, and it also came to light that many women on the site never actually existed.
And now comes the news that over 412 million users of adult websites run by Friend Finder Networks have had their login details exposed, according to Leaked Source. Sites affected by the hack, the largest of 2016, include Adultfriendfinder.com, Stripshow.com, Cam.com, iCams.com, and Penthouse.com.
The hack, which took place in October, revealed details of users including email addresses, passwords, browser information, IP addresses, and site membership status across sites run by the California-based Friend Finder Networks.
"FriendFinder has received a number of reports regarding potential security vulnerabilities from a variety of sources," the company's vice president Diana Ballou told ZDNet. "While a number of these claims proved to be false extortion attempts, we did identify and fix a vulnerability that was related to the ability to access source code through an injection vulnerability. FriendFinder takes the security of its customer information seriously and will provide further updates as our investigation continues."
According to Leaked Source, "Passwords were stored by Friend Finder Networks either in plain visible format or SHA1 hashed (peppered). Neither method is considered secure by any stretch of the imagination."
Leaked Source also said that 78,301 of the accounts used .mil US military email addresses and another 5,650 used .gov US government email addresses, along with 96 million Hotmail accounts. Also found were 16 million deleted accounts whose data hadn't quite been deleted.
No one has yet claimed responsibility for the hack, although a security researcher called Revolver had posted information in October to a now-suspended Twitter account saying he had found a flaw in Friend Finder Networks' security.
According to ZDNet, though, Revolver has denied he's behind the hack and has instead blamed underground Russian hackers.