AdultFriendFinder, which calls itself “the world’s largest sex and swinger community,” got hit, and over 410 million account details, including email addresses and passwords, have been posted online.
Less than 18 months ago, the extramarital-affair-enabling website Ashley Madison had a huge data breach. Data from over 30 million accounts was posted online, and there was a flurry of shaming and finger-pointing all over the internet. You’d think the industry would have learned.
Alas, it did not. A similar website, AdultFriendFinder, which calls itself “the world’s largest sex and swinger community,” got hit, and over 410 million account details, including email addresses and passwords, have been posted online.
What Happened This Time?
In October, AdultFriendFinder and multiple sister sites (including Cams and Penthouse) were attacked. Websites under the control of Friend Finder Networks, the parent company, were vulnerable to a type of attack called local file inclusion. This attack gave hackers access to a number of Friend Finder databases, including billing information, member lists, and chat logs.
Friend Finder was also hacked last year, and the details of four million accounts was released. It appears they didn’t upgrade their security. This attack is much, much worse.
Among the information posted online were email addresses and passwords that hadn’t been securely encrypted, meaning that hackers could actually see plain text details. Obtaining an encrypted password won’t do an attacker much good, but actually obtaining email addresses and passwords not only compromises the identity of users, but also opens them to further attacks.
Adding insult to injury, a lot of deleted accounts — potentially up to 15 million — still had their information stored on the servers. So even people who had deleted their Friend Finder accounts may have been compromised. Some outlets are reporting that 20 years of data was released.
What You Need to Know
There may also be others that we’re not aware of yet. If you have an account on any of these sites, or if you’ve ever had an account, it’s best adult dating sites best to assume that your information has been compromised. Unless you’ve been in the habit of using unique, strong passwords for a long time, you should change all of your other account passwords. Now.
The AdultFriendFinder breach isn’t yet searchable on HaveIBeenPwned, and Leaked Source hasn’t posted a link [Broken URL Removed] to the database on their main page. So there’s no way to know for sure at the time of this writing if your information has been made public. It’s best to assume that it has.
Is It Really That Bad?
This hack could have serious repercussions. Sites like AdultFriendFinder and its affiliates collect important information that could be used by identity thieves. Your name, email and physical addresses, and phone number are all crucial to identity theft. If you notice any suspicious financial activity after a breach like this, contact the relevant institutions immediately.
The fact that these particular sites are adult-oriented means that this information could potentially be used for blackmail as well. If your hookups, one-night stands, and sexual preferences were to be made public, what would you do or pay to prevent it? It’s a sobering thought. Whether or not you want to bring up the fact that your name might be on one of these lists with someone close to you is a tough decision, too.
There’s always the risk of simple mayhem, as well. Plenty of hackers are out just to cause problems for other people. This could mean deleting your other accounts, taking over your social media feeds, sending spam or malware to the people in your email contact list, and many other things that aren’t inherently as bad as identity theft or blackmail, but are still really annoying.