For the second time in two years, an adult-oriented social media site has suffered a major hack.
As LeakedSource reported on Sunday, a hack targeted against Friend Finder Network has exposed over 412 million accounts. Most of these (339 million) belong to the sex hookup site AdultFriendFinder, with Cams.com and Penthouse being the next-most-effected with 62 million and 7 million users, respectively. This hack surpasses the MySpace breach (360 million users were impacted by the MySpace hacking in 2013), although it still falls short of the Yahoo! attack in 2014 (which compromised at least 500 million accounts). But the potential for embarrassment is far greater.
The hack has exposed the purchasing patterns, unprotected passwords, Internet addresses, and other sensitive personal information about the adult sites' customers.
“FriendFinder has received a number of reports regarding potential security vulnerabilities from a variety of sources," explained Friend Finder Networks vice president and senior counsel Diana Ballou to ZDNet, indirectly confirming the reports. "While a number of these claims proved to be false extortion attempts, we did identify and fix a vulnerability that was related to the ability to access source code through an injection vulnerability."
The hack first entered the news last month, when a hacker known as Revolver or 1x0123 posted screenshots to Twitter claiming to have discovered a vulnerability in the website's infrastructure.
The FriendFinder attack is reminiscent of the 2015 hack against Ashley Madison, a website that helped married individuals arrange affairs. The group responsible referred to themselves as "The Impact Team" and claimed to have targeted Ashley Madison due both to their moral objections to the site's mission and to demonstrate that they were lying when claiming users could have all of their data scrubbed for a $19 fee.
Shares