More than 400 million users of adult websites such as Adult FriendFinder and Cams.com have had their email addresses and passwords stolen, a cyber security firm says, making it one of the largest data breaches ever reported.
Breach notification website LeakedSource reported on Monday that California-based Friend Finder Networks (FFN) was hacked last month, after which information from more than 412 million accounts was stolen.
Friend Finder Networks operates a range of adult websites, including Adult FriendFinder, which describes itself as the world’s largest sex and swinger community. It also operates sex cam sites Cams.com, Stripshow.com, and iCams.com.
LeakedSource found that 339.7 million accounts of Adult FriendFinder – some of them going back as far as 1997 – were affected by the breach, as well as 62.6 million accounts on Cams.com, 1.4 million on Stripshow.com, and 1.1 million on iCams.com.
The hack also compromised 7.1 million users of Penthouse.com, the website of the iconic men’s magazine that was previously owned by Friend Finder Networks. The magazine’s website provides sex cam services as well as pornography.
While going through the data, the cyber security firm noticed that a significant number of accounts had @deleted1.com added to their email address, indicating that Friend Finder Networks may not have deleted old user accounts. More than 15.7 million “deleted” accounts are believed to be affected.
LeakedSource, which analyzed the stolen data, said Friend Finder Networks had stored 125 million user passwords in plain text and the others were SHA1 hashed, which is insufficient to stop hackers from finding out the passwords. As a result, virtually all of the passwords have now been cracked.
It is unknown who is behind the massive hack, which marks one of the largest data breaches ever reported.
Analysis by LeakedSource showed that “123456” was by far the most common password, used by more than 900,000 users. Passwords such as “12345”, “123456789”, and “12345678” were also popular, none of which are secure.
Those affected include 78,301 accounts whose email address ends in .mil, which is the top-level domain used by the U.S. Department of Defense. Another 5,650 accounts were registered with accounts ending in .gov, which is used by the U.S. government.
There was no indication that personal information such as private messages, profiles, or credit card information was stolen as part of the hack. Users who may have been affected by the hack and may have used the same password on other websites are urged to change their passwords immediately.
(Copyright 2015 by BNO News B.V. All rights reserved. Info: firstname.lastname@example.org.)