More than 412 million Friend Finder Networks accounts have been exposed in one of the largest personal data breaches in history.
Criminal marketplaces are selling user names, emails and passwords linked to 339 million AdultFriendFinder.com accounts, 62 million Cams.com accounts, 7 million from Penthouse.com and a few million from other smaller properties.
The breach includes the “deleted” accounts of more than 15 million former users of AdultFriendFinder.com, which describes itself as “the world’s largest sex and swinger community”.
Friend Finder Networks sold Penthouse.com to Penthouse Global Media in February, raising questions about why the network still holds the data.
It’s the second time in two years that Friend Finder Networks has been hacked. In 2015, four million accounts were exposed, including information about users’ sexual preferences and whether they were looking for an affair.
LeakedSource, a breach notification website, said it was able to crack the passwords of more than 99% passwords revealed in the databases.
It’s not yet clear who carried out the attack.
Diana Ballou, Friend Finder Networks vice president and senior counsel, told ZDnet.com:
“Over the past several weeks, FriendFinder has received a number of reports regarding potential security vulnerabilities from a variety of sources. Immediately upon learning this information, we took several steps to review the situation and bring in the right external partners to support our investigation.”
“While a number of these claims proved to be false extortion attempts, we did identify and fix a vulnerability that was related to the ability to access source code through an injection vulnerability.
“FriendFinder takes the security of its customer information seriously and will provide further updates as our investigation continues.”
A spokesperson for the Information Commissioner’s Office told the Huffington Post it would be investigating the breach:
“It’s early days but we are aware of this incident and will be liaising with our international counterparts to find out more. If UK users are affected we will be asking questions on their behalf. People have a right to expect that companies keep their personal information secure.”
The spokesperson added that victims should visit its website for advice on how to guard against identity theft.
Earlier this year, it was revealed that around half a billion Yahoo user accounts were stolen by a state-sponsored hacker.