Catalin Cimpanu

• November 14, 2016
• 04:45 in the morning
• 0

FriendFinder Networks, the firm behind 49,000 adult-themed web sites, has been hacked and facts for 412,214,295 users has become changing fingers in hacking netherworlds over the past period.

The breach took place recently and provided historical data for the past 2 decades on six FriendFinder Networks (FFN) characteristics: Adultfriendfinder, Cams, Penthouse (today property of Penthouse), Stripshow. iCams, and an unknown website. Broken-down per site, the breach looks like this:

The very last login day part of the stolen documents are October 17, which almost certainly signifies the estimated date of this tool.

The foundation of the tool

On October 18, CSO on the web went a tale on a”self-proclaimed safety researcher that went by the nickname Revolver, or on Twitter (account today suspended), who mentioned the guy identified and reported a nearby File introduction (LFI) vulnerability on the Xxx Friend Finder internet site.

Surprisingly, Revolver mentioned the guy reported the problem to FFN, and “no consumer facts actually leftover their internet site,” no matter if a-day previously the guy had written on Twitter when “they call it hoax once more and I also will f***ing problem anything.”

This past year, Revolver also submitted screenshots on Twitter which he stated he previously the means to access the sexy America web pages. Seven days later, the slutty The usa user databases gone up for sale on TheRealDeal deep internet marketplace, albeit put-up available by another hacker referred to as reassurance.

Over the summertime, Revolver additionally said he had use of PornHub’s hosts, but PornHub representatives known as whole thing a hoax. Today, on a newly created Twitter profile, Revolver furthermore uploaded screenshots revealing that he have usage of RedTube hosts.

FFN more than likely hacked on October 17, 2016

Actually, gossip that Sex Friend Finder had gotten hacked, despite Revolver revealing the condition to FFN, emerged on October 20, if the exact same CSO on line have wind that about 100 million individual account had been taken.

The information using this hack at some point came according to the possession of LeakedSource, a web site that spiders community data breaches and helps to make the facts searchable through the web site.

Merely following LeakedSource investigations did the planet find out the genuine depth associated with fight, with numerous FFN websites shedding data as back as 1997.

In line with the SQL tables outline data, the databases did not integrate any seriously information that is personal about sexual choices or matchmaking routines.

In 2021, equivalent Sex buddy Finder website experienced a similar breach and lost profoundly personal information on 3.9 million people.

Now it absolutely was just usernames, e-mails, login dates, code tastes, passwords, and a few various other a lot more.

The majority of records included plaintext passwords

When it comes to passwords, LeakedSource states need cracked 99% ones. LeakedSource says that extreme part of the passwords are kept in plaintext but Recommended Reading that the company flipped on the SHA-1 algorithm at one point in earlier times. Nevertheless, FFN produced some vital issues.

“Neither technique is regarded as secure by any stretching in the creativeness and moreover, the hashed passwords seem to have come altered to all or any lowercase before storage space which produced all of them in an easier way to hit but means the qualifications should be a little much less a good choice for destructive hackers to neglect within the real-world,” a LeakedSource representative said.

an assessment of the most extremely put passwords shows that over 2.5 million consumers applied straightforward password by means of “12345” and modifications.

Testing with the data furthermore shared the clear presence of 15,766,727 e-mails formatted as “emailaddressdeleted1”. This kind of format is employed by companies that need keep information after users remove their unique reports.

LeakedSource said it isn’t adding this information to the list of searchable information breaches, for the time being.

During the time of authorship, FFN had not granted a general public report concerning the experience. LeakedSource states this is 2021’s biggest data breach. The Yahoo breach of 500 million consumer reports that concerned light in Sep 2021 really occurred in 2021.