The details of up to 412 million people have been exposed following a hack of the "sex hookup" website AdultFriendFinder. ScreenGrab/ AdultFriendFinder. A major data breach to the sex and swingers website Adult Friend Finder could trigger a series of follow-on hacks, security researchers have.
While a number of these claims proved to be false extortion attempts, we did identify and fix a vulnerability that was related to the ability to access source code through an injection vulnerability, she said.
Adult FriendFinder, a dating website that got hacked last year, is investigating claims that millions of customers have had their personal information exposed in a second hack. The potential damage could affect 412 million accounts because the company, Friend Finder Networks, has so many different.
Immediately upon learning this information, we took several steps to review the situation and bring in the right external partners to support our investigation, said Diana Ballou, vice president and senior counsel, in an email on Friday.
A previous hack of AdultFriendFinder data exposed users sexual preferences and marital status along with birth dates and email addresses. According to ZDNet, the current breach includes less intimate data, instead including primarily usernames, email addresses, and passwords.
It is the second time in as many years that Adult Friend Finder has been hacked, following 3.5 million user records being exposed in May 2015. Data reportedly breached in the latest hack includes email addresses, passwords, IP addresses and site membership status.
Penthouse Global Media in February. Get Data Sheet, Fortunes technology newsletter. The culprit in the breach has not been identified. ZDNet independently verified the data, but FriendFinder Networks has not yet publicly acknowledged the extent of the breach.
ZDNet was also able to verify the authenticity of the database by contacting some of the users. Other methods were used for verification and you can see them outlined here. One user that ZDNet contacted confirmed that he had used the site once or twice.
CNNM oney (New York) First published November 14, 2016: 7:33 PM ET.
If confirmed, this would be the second embarrassing episode for the company. Last year, a hack exposed the sexual secrets of 3.5 million Adult FriendFinder users. That time, the company scrambled to calm down users who were worried that their listed sexual preferences would go.
FriendFinder takes the security of its customer information seriously and will provide further updates as our investigation continues, she added. While the numbers are huge, the lack of personal data gives hope that we will not see the kind of extortion that followed the.
Subscribe to Newsweek from 1 per week. If Adult Friend Finder users have the same password for multiple sites and online services, criminals could use it to compromise other accounts. Similarly, personal details could be used in phishing campaigns that use such information as bait.
Storage of clear-text passwords is inexcusable in todays world, says Mike Raggo, chief research scientist at social media security firm ZeroFox. Prompt password changes for the impacted account, and any other accounts the user owns that may use the same password, should all be changed.