The parent company of AdultFriendFinder and Cams.com has reportedly been hacked, and hundreds of millions of accounts have been leaked online.
According to LeakedSource, Friend Finder Network was hacked through a local file inclusion (LFI) exploit. This allowed the attackers to gain access to the databases of all sites owned by the company. This includes AdultFriendFinder, Cams.com, Penthouse, Stripshow, iCams.com, and another “unknown domain”.
According to CSO Online, the LFI flaw in AdultFriendFinder was identified a few weeks ago. It is believed that this is the same flaw that is responsible for the leak of customer information.
In total, over 400 million accounts were leaked: 339 million from AdultFriendFinder, 62 million from Cams.com, and smaller numbers from other Friend Finder Network sites.
The blog post detailing the hack is a damning read. Firstly, it shows that Friend Finder Network had failed to properly secure its passwords. Many were stored in plaintext, with no protection whatsoever; others were hashed using SHA1, a weak algorithm that is trivially easy to break.
If you had an account with AdultFriendFinder, or any of the sites mentioned above, and re-used your password on other services, you should change it. Like, now.
Worse, LeakedSource alleges that Friend Finder Network had retained the data of users who had deleted their accounts. “While perusing the data we noticed that a significant amount of users had an email in the format of: email@example.com@deleted1.com,” it said.
LeakedSource added, “It is impossible to register an account using an email that’s formatted this way which means the addition of ‘@deleted.com’ was done behind the scenes by Adult Friend Finder.”
If this is true, it has the potential to make the Ashley Madison leak look tiny in comparison, with potentially disastrous consequences for its users. When Ashley Madison was hacked, many of its users became victims of extortion attempts.
I’ve reached out to Friend Finder Network for further information. When I hear back from them, I will update this post.