Adult Friend Finder Network
Six databases that were owned by Friend Finder Networks, Inc. suffered a massive data breach in 2016, which cost 412 million users their accounts. Not only were the usernames and passwords stolen, but 15 million deleted accounts were also included in the mix. Adult Friend Finder is an adult dating/entertainment website that calls itself the “world’s largest sex and swinger community.” Along with Adult Friend Finder, data accounts from Cams.com and Penthouse.com were also accessed in the data breach. A security researcher named “Revolver” first discovered the breach. In Friend Finder hack, sensitive data regarding member’s sexual preferences, extramarital affairs, and purchases made on the site was lost. This latest breach, however, appears to have only compromised accounts. Friend Finder executives have been slammed in the media for poor security practices, and they have not publicly commented on the data breach.
When Was the Adult Friend Finder Data Breach?
FriendFinder.com is constantly evolving to meet the wants and needs of its members. They are exploring and developing new features according to the results of member polls and email feedback. This online dating site recently started their Friend Network, which is an online social networking community connected to FriendFinder personals. FriendFinder: dating and social networking brought together. Established in 1996, FriendFinder is an integral part of FriendFinder Network which also operates Alt.com, TSDates, and Passion.com. Adult Friend Finder Network 445 Sherman Ave Palo Alto, California U.S.A. Phone: 800-388-0760. Web: Category: Adult Web Sites.
After investigating, cybersecurity officials believe the Adult Friend Finder data breach occurred before October 20, 2016. Friend Finder was warned by Revolver on October 18, 2016, about the potential vulnerability. Along with the accounts, evidence of source code from their websites and public/private key-pairs also showed up available online for purchase on the dark web.
How to Check if Your Victim of Adult Finder Hack
The friend finder leak data contained usernames, email addresses, and passwords. There is no online method for looking up whether or not your data is on adult friend finder hack list, but if you are a member of FriendFinder.com, your user account was affected.
What to Do if Your Data Was Breached
The first thing you should do is change your password to something very secure. Use a complex combination of letters, numbers, and symbols. Some other precautions to take are:
Be on the lookout for phishing emails. Your information could be used to intimidate you or extort money from you.
Cancel any credit cards used on the website.
If you used the same password on any other sites, change those as well.
Keep an eye on your credit and sign up for credit monitoring with a company like IDStrong.com.
Consider a credit freeze so no one can open up new accounts in your name.
Report the incident to Adult Friend Finder to let them know your information has been used for fraud or other illicit purposes.
Can Adult Friend Finder Hacked Information be Used for Identity Theft?
Due to the sensitive nature of the website content and purpose, the stolen accounts are more at risk than most others. In the theft, there were 78,301 who registered for the website using a military email address and another 5,650 that used a .gov (government worker) address. These members are at extreme risk of being extorted or having their identity stolen. For the millions of regular users, they too are in danger of phishing scams, viruses, malware attacks, and identity theft. The information ended up on the dark web and you should be aware that you may become a target because of this data breach. Be extra careful and learn what steps to take to protect yourself.
How to Prevent Data Breach
When signing up for an account with any type of website, you take a risk entering private information, even just your email address. To keep your life and your information private follow the steps below:
Keep your computer and other devices updated with the latest operating system, security patches, and antivirus software. Run deep scans often.
Use only one credit card online for purchases and check the monthly statement carefully.
Never give out personal information online if you don’t have to.
Monitor your credit reports and bank statements; look for fraudulent charges.
Change your passwords often and make them very complicated.
Watch for phishing or scam emails.
Never click a link in email or open any attachments.
You cannot be too careful online. Always use common sense before entering information into a web page and look for security certificates before making any payments. Stay on top of data breaches and respond quickly if you are affected.
What has happened?
The AdultFriendFinder website appears to have been hacked, exposing the personal information of hundreds of millions of user accounts.
What is AdultFriendFinder?
I don’t want to be indelicate, so I’ll just tell you it’s strapline: “Hookup, Find Sex or Meet Someone Hot Now”.
Oh! So like Ashley Madison?
Yes, very much so. And we all know what a big story that was, how extortionists attempted to blackmail users, and how lives were damaged as a result. Fortunately, information about individuals’ sexual preferences do not appear to have been included in the exposed databases.
Still, it sounds nasty – and there clearly remains the potential for blackmail. Are there any .gov and .mil email addresses associated with the exposed accounts in this latest breach?
I’m afraid so. Of the 412 million accounts exposed on the breached sites, in 5,650 cases, .gov email addresses have been used to register accounts. The same goes for 78,301 .mil email addresses.
Who discovered that AdultFriendFinder had suffered a data breach? And what sites are affected?
The news was made public by LeakedSource, who said that the hackers targeted Friend Finder Network Inc, the parent company of AdultFriendFinder, in October 2016 and stole data that stretched back over the last 20 years.
Affected sites include not just AdultFriendFinder but also adult webcam sites Cams.com, iCams.com, and Stripshow.com, as well as Penthouse.com.
At the time of writing, AdultFriendFinder has not published any statement on its website about the security breach.
Penthouse.com?
The website of the famous men’s magazine, which was founded in the 1960s. Curiously, Penthouse.com was sold by Friend Finder Network Inc to a different company, Penthouse Global Media Inc., in February 2016, so some eyebrows may be raised as to how the hackers were able to steal information of Penthouse.com’s users from Friend Finder Network’s systems in October 2016.
Penthouse Global Media’s Kelly Holland told ZDNet that her company was “aware of the data hack and we are waiting on FriendFinder to give us a detailed account of the scope of the breach and their remedial actions in regard to our data.”
How did the hackers get in?
CSO Onlinereported last month that a vulnerability researcher known as “1×0123” or “Revolver” had uncovered Local File Inclusion (LFI) flaws on the AdultFriendFinder site that could have allowed access to internal databases.
It’s possible that other hackers might have used the same flaw to gain access.
In an email to ZDNet, AdultFriendFinder VP Diana Ballou confirmed that the company had recently been patching vulnerabilities that had been brought to its attention:
“Over the past several weeks, FriendFinder has received a number of reports regarding potential security vulnerabilities from a variety of sources. Immediately upon learning this information, we took several steps to review the situation and bring in the right external partners to support our investigation. While a number of these claims proved to be false extortion attempts, we did identify and fix a vulnerability that was related to the ability to access source code through an injection vulnerability. FriendFinder takes the security of its customer information seriously and will provide further updates as our investigation continues.”
Are passwords at risk too?
Yes. It appears that many of the passwords appear to have been stored in the database in plaintext. Also, most of the others were hashed weakly using SHA1 and have already been cracked.
A quick look at the passwords that have been exposed, sorted by popularity, tells a familiarly depressing tale.
Those are terrible passwords! Why do people choose such lousy passwords?
Maybe they created the accounts long ago before data breaches became such a regular headline in the newspapers. Maybe they still haven’t learned the benefit of running a password manager that generates random passwords and stores them securely, meaning you don’t have to remember them. Maybe they just get a kick out of living dangerously…
Or maybe they assumed AdultFriendFinder would never suffer a data breach?
You mean, they assumed AdultFriendFinder would never suffer a data breach again. You see, this isn’t the first time the website has been hit, although this is a much larger attack than the hack they suffered last year.
In May 2015, it was revealed that the email addresses, usernames, postcodes, dates of birth and IP addresses of 3.9 million AdultFriendFinder members were being offered for sale online. The database was later made available for download.
If… umm… a friend of mine was worried that they might have an AdultFriendFinder account, and that their password could have been exposed, what should they do?
Adult Friend Finder Network
Change your password immediately. And make sure that you are not using the same password anywhere else on the net. Remember to always choose strong, hard-to-crack passwords… and never re-use them. If you are signing-up for sites that you’re embarrassed about, it may make sense to use a burner email account rather than one that can be directly associated back to you.
Adult Friend Finder Networking Events
If you’re worried that your data may be breached again, you may wish to delete your account. Of course, requesting an account deletion is no guarantee that your account’s details will actually be deleted.
Adult Friend Finder Network Password
Editor’s Note:The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc