Adult Friend Finder Database
What has happened?
View Adult Friend Finder (www.aff.com) location in California, United States, revenue, industry and description. Find related and similar companies as well as employees by title and much more. Adult Friend Finder, which was founded in 1996, has more than 40 million members, according to its website. FriendFinder Networks says it has more than 600 million registered users across some. Leaked database of Adult Friend Finder still online. Adult Friend Finder, one of the largest online dating sites, may have been breached more than two months ago, and the sensitive files—include.
The AdultFriendFinder website appears to have been hacked, exposing the personal information of hundreds of millions of user accounts.
What is AdultFriendFinder?
I don’t want to be indelicate, so I’ll just tell you it’s strapline: “Hookup, Find Sex or Meet Someone Hot Now”.
Oh! So like Ashley Madison?
Yes, very much so. And we all know what a big story that was, how extortionists attempted to blackmail users, and how lives were damaged as a result. Fortunately, information about individuals’ sexual preferences do not appear to have been included in the exposed databases.
Still, it sounds nasty – and there clearly remains the potential for blackmail. Are there any .gov and .mil email addresses associated with the exposed accounts in this latest breach?
I’m afraid so. Of the 412 million accounts exposed on the breached sites, in 5,650 cases, .gov email addresses have been used to register accounts. The same goes for 78,301 .mil email addresses.
Who discovered that AdultFriendFinder had suffered a data breach? And what sites are affected?
The news was made public by LeakedSource, who said that the hackers targeted Friend Finder Network Inc, the parent company of AdultFriendFinder, in October 2016 and stole data that stretched back over the last 20 years.
Affected sites include not just AdultFriendFinder but also adult webcam sites Cams.com, iCams.com, and Stripshow.com, as well as Penthouse.com.
At the time of writing, AdultFriendFinder has not published any statement on its website about the security breach.
Penthouse.com?
The website of the famous men’s magazine, which was founded in the 1960s. Curiously, Penthouse.com was sold by Friend Finder Network Inc to a different company, Penthouse Global Media Inc., in February 2016, so some eyebrows may be raised as to how the hackers were able to steal information of Penthouse.com’s users from Friend Finder Network’s systems in October 2016.
Penthouse Global Media’s Kelly Holland told ZDNet that her company was “aware of the data hack and we are waiting on FriendFinder to give us a detailed account of the scope of the breach and their remedial actions in regard to our data.”
How did the hackers get in?
CSO Onlinereported last month that a vulnerability researcher known as “1×0123” or “Revolver” had uncovered Local File Inclusion (LFI) flaws on the AdultFriendFinder site that could have allowed access to internal databases.
It’s possible that other hackers might have used the same flaw to gain access.
In an email to ZDNet, AdultFriendFinder VP Diana Ballou confirmed that the company had recently been patching vulnerabilities that had been brought to its attention:
“Over the past several weeks, FriendFinder has received a number of reports regarding potential security vulnerabilities from a variety of sources. Immediately upon learning this information, we took several steps to review the situation and bring in the right external partners to support our investigation. While a number of these claims proved to be false extortion attempts, we did identify and fix a vulnerability that was related to the ability to access source code through an injection vulnerability. FriendFinder takes the security of its customer information seriously and will provide further updates as our investigation continues.”
Are passwords at risk too?
Yes. It appears that many of the passwords appear to have been stored in the database in plaintext. Also, most of the others were hashed weakly using SHA1 and have already been cracked.
A quick look at the passwords that have been exposed, sorted by popularity, tells a familiarly depressing tale.
Adult Friend Finder Database
Those are terrible passwords! Why do people choose such lousy passwords?
Maybe they created the accounts long ago before data breaches became such a regular headline in the newspapers. Maybe they still haven’t learned the benefit of running a password manager that generates random passwords and stores them securely, meaning you don’t have to remember them. Maybe they just get a kick out of living dangerously…
Or maybe they assumed AdultFriendFinder would never suffer a data breach?
You mean, they assumed AdultFriendFinder would never suffer a data breach again. You see, this isn’t the first time the website has been hit, although this is a much larger attack than the hack they suffered last year.
Adult Friend Finder Database Name
In May 2015, it was revealed that the email addresses, usernames, postcodes, dates of birth and IP addresses of 3.9 million AdultFriendFinder members were being offered for sale online. The database was later made available for download.
If… umm… a friend of mine was worried that they might have an AdultFriendFinder account, and that their password could have been exposed, what should they do?
Change your password immediately. And make sure that you are not using the same password anywhere else on the net. Remember to always choose strong, hard-to-crack passwords… and never re-use them. If you are signing-up for sites that you’re embarrassed about, it may make sense to use a burner email account rather than one that can be directly associated back to you.
If you’re worried that your data may be breached again, you may wish to delete your account. Of course, requesting an account deletion is no guarantee that your account’s details will actually be deleted.
Editor’s Note:The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc
In a security update announcement on May 22, 2015 FriendFinder Networks Inc., the parent company of Adult Friend Finder, confirmed that they were aware of a “potential data security incident” and that they were taking immediate action, stating that the security of its members was its highest priority.
In May of 2015 hackers were able to breach to the Adult Friend Finder database and gain access to four million data records, which they then publicly dumped. The data dump included highly sensitive information from the adult hookup site’s 64 million registered users including user names, email addresses, dates of birth, gender, race, relationship statuses, IP addresses, geographic locations, sexual preferences, and languages spoken.
One of the actions FriendFinder Networks has taken was to immediately launch an internal investigation, informing all concerned law enforcement agencies including the FBI and hiring a third party cyber security firm, Mandiant, to:
[I]nvestigate the incident, review network security and remediate our system.” FriendFinder Networks has launched an internal investigation to “review and expand existing security protocols and processes, has temporarily disabled the ability to search by username, and has masked the usernames of any users we believe were affected by the security issue.
FriendFinder Networks is advising its members who may have been affected to change their user names and passwords and if they have used these (user names and password) for other sites to change them there as well. The company has also stated, “It is important to note that, at this time, there is no evidence that any financial information or passwords were compromised.”
However, the contained picture that FriendFinder Networks presents may not be so rosy. It is being widely reported that a Thai hacker who goes by the name ROR[RG] is claiming to be responsible for the hack and has demanded that FriendFinder Networks pay him $100,000 to prevent any further data dumps of the stolen information taken from FriendFinder Networks’ database. The hacker has been boasting about the breach and claiming he is out of law enforcement’s reach due to his residence in Thailand.
A hack of this nature is very serious because the breach of members’ user names, passwords, locations, date of birth, sex, sexual orientation and preferences can certainly lead to possible identity theft, spam and phishing schemes of a financial nature, but could also lead to cyber criminals blackmailing individuals to not publicly publish embarrassing information about one’s sexual activities, preferences or divulge the information to a spouse, family member, employer, community etc. For an unscrupulous individual, the sensitive information involved in this cyber intrusion could be used to ruin someone socially. Or worse yet, government or military employees could be blackmailed into divulging confidential information that could put other people’s lives in jeopardy. This hack could have far more serious ramifications for the people affected by this breach than your garden variety corporate cyber breach.
Additional Resources About This Breach: