Friend Finder Networks, the company behind adult dating site AdultFriendFinder has been hit with a massive hack—exposing more than 400 million user accounts.
The news comes via LeakedSource, a site that monitors data breaches, which has obtained a copy of the stolen user accounts.
The 412 million accounts go back 20 years, it says, and the lion’s share comes from AdultFriendFinder — almost 340 million. Another 63 million come from adult webcam site Cams.com, 7 million come from adult magazine Penthouse.com, and over a million apiece from Stripshow.comand iCams.com.
It’s significantly larger than the hack of extramarital affairs dating website Ashley Madison back in 2015, which saw nearly 40 million user accounts leaked to the world. Significantly less information about users has been leaked, however—while Ashley Madison included everything from photos and sexual preferences to addresses, the Friend Finder breach is limited to more basic information like email addresses, passwords, and registration dates.
That said, given the nature of the sites affected, it has the potential to be compromising to some users if the data starts circulating widely. In the aftermath of the Ashley Madison attack, numerous users reported receiving extortion and blackmail attempts.
Passwords were encrypted, but insecurely, and LeakedSource says it has managed to crack 99 percent of them. It’s not clear who was behind the attack, though Leaked Source says it occurred in October 2016.
Friend Finder Networks did not immediately respond to Business Insider’s request for comment. But it told ZDNet, which also verified a sample of the data, that “over the past several weeks, FriendFinder has received a number of reports regarding potential security vulnerabilities from a variety of sources. Immediately upon learning this information, we took several steps to review the situation and bring in the right external partners to support our investigation.” (It did not directly confirm that user accounts were stolen.)
2016 is shaping up to be a massive year for hacks. Multiple huge data breaches have come to light in recent months (though some occurred years ago), including the theft of 360 million MySpace accounts, a LinkedIn hack that took more than 100 million accounts, and the mammoth 500-million-account hack of Yahoo, apparently by a state-sponsored actor.
If a company gets breached or uses shoddy security practices, there’s little users can do about it. But you can mitigate the fallout by using a different, secure password for every site or service you have an account with, storing them with a password manager app if necessary. That way, if one of your accounts is compromised, your others aren’t too—because hackers often use user logins taken from one breach and try them on other sites. It’s also good practice to enable two-factor authentication, where available.
This isn’t even the first time AdultFriendFinder has been hacked. Back in May 2015, news broke that it was breached, albeit on a smaller scale—3.9 million user accounts were circulating online.