Websites of the FriendFinder Networks, such as adultfriendfinder.com, penthouse.com and cams.com, were hacked in October and data of over 410 million users was stolen, according to LeakedSource, “a breach notification website that specializes in bringing hacking incidents to the public eye.” For context, the August 2015 hack of adultery website Ashley Madison affected about 32 million users.
In a post on its website, LeakedSource said it was the second time the FriendFinder Network was breached, the first instance having taken place in May 2015. The October hack was labeled “by far the largest breach we have ever seen.”
Adultfriendfinder.com, which calls itself the “world’s largest sex & swinger community,” had the biggest cache of data stolen, affecting almost 340 million users. Cams.com and penthouse.com had credentials of over 62 million and 7 million users stolen, respectively. Other domains of the group, such as stripshow.com and icams.com, had over 1 million accounts compromised, each. About 16 million hacked accounts are deleted, which is to say, their information was kept in the databases of the websites even after the users had deleted their accounts.
In case you were signed up to any of these websites, and used the same login credentials for other services on the internet, it will be a good idea to change your passwords immediately. LeakedSource said the many of the passwords were plainly visible.
While the breach notification service has refused to share the dataset on its website, at least for the time being, it has provided some interesting facts. There are a total of 5,650 .gov email addresses and 78,301 .mil email addresses registered on the hacked websites.
The breach was made through a Local File Inclusion exploit which was first reported Oct. 18 by CSO. At the time, Diana Lynn Ballou, vice president and senior counsel of corporate compliance and litigation at FriendFinder, said: “We are aware of reports of a security incident, and we are currently investigating to determine the validity of the reports. If we confirm that a security incident did occur, we will work to address any issues and notify any customers that may be affected.”
It is also important to note that FriendFinder sold the Penthouse brand earlier this year, but still stored information of its users.