Websites belonging to Friend Finder Network Inc have been hacked, exposing the details of over 400 million accounts.
The websites on the network include Adult Friend Finder, Penthouse and iCams, among others, and the incident represents the largest breach since MySpace revealed earlier this year that it had been hacked.
The hack – which LeakedSource is calling the biggest of 2016 – was reportedly executed via a Local File Inclusion exploit, which Adult Friend Finder had been made aware of early in October by way of a security researcher.
Perhaps the scariest bit of news from this hack, according to LeakedSource, is that if you thought the Friend Finder Network had deleted your information when you deleted your account, think again.
“While perusing the data we noticed that a significant amount of users had an email in the format of: [email protected]@deleted1.com. Uh oh,” said LeakedSource on its website. The breach alert service says that over 15 million email addresses with that format were found in the data it had received and that users trying to register an account with an email address in that format would find it impossible.
Things became considerably worse when LeakedSource looked at the passwords users employed and how they were secured.
“Passwords were stored by Friend Finder Network either in plain visible format or SHA1 hashed (peppered). Neither method is considered secure by any stretch of the imagination,” LeakedSource said.
Among the most used passwords on Adult Friend Finder, 123456 was revealed to be used by 900 420 people with 12345 coming in second with 635 995 users using it as their password. LeakedSource also managed to crack some more secure passwords which include phrases such as iloveyousomuchdarling123456 and southafricanmolerat. Hey, at least they’re better than 123456.
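The weakness LeakedSource describes, shown as an added example that is not from the article or from Friend Finder Network: with SHA1 and a single site-wide pepper, every account using 123456 stores the same hash, so recovering one recovers them all, while a per-user salt with a memory-hard function (scrypt here) removes that shortcut. The pepper value, usernames and function names are constructed for illustration, and prepending the pepper is an assumption, since the page does not say how it was applied.

```python
import hashlib
import hmac
import os

# Constructed values for illustration; not taken from the breach data.
PEPPER = b"constructed-site-wide-pepper"
SAMPLE_USERS = [
    ("user_a", "123456"),
    ("user_b", "123456"),
    ("user_c", "southafricanmolerat"),
]


def weak_hash(password):
    """SHA1 with one site-wide pepper and no per-user salt (the weak scheme).

    Assumption: the pepper is prepended to the password before hashing.
    """
    return hashlib.sha1(PEPPER + password.encode()).hexdigest()


def strong_hash(password, salt=None):
    """scrypt with a random 16-byte per-user salt; returns (salt, derived_key)."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
    return salt, key


def verify(password, salt, expected_key):
    """Recompute the key with the stored salt and compare in constant time."""
    _, key = strong_hash(password, salt)
    return hmac.compare_digest(key, expected_key)


def shared_hash_groups(users, hasher):
    """Group usernames by stored value; any group larger than one means
    the stored data alone reveals which accounts share a password."""
    groups = {}
    for name, password in users:
        groups.setdefault(hasher(password), []).append(name)
    return [names for names in groups.values() if len(names) > 1]


if __name__ == "__main__":
    print("weak scheme, shared hashes:", shared_hash_groups(SAMPLE_USERS, weak_hash))
    print("salted scrypt, shared hashes:", shared_hash_groups(SAMPLE_USERS, strong_hash))
```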
Unlike with previous breaches, LeakedSource is not making its database searchable just yet, so there is no way of knowing which accounts have been compromised. With a breach of this size, however, we would advise any users of websites from the Friend Finder Network to change their passwords if they used one similar to the one they used on the Friend Finder websites.
[Source – LeakedSource]