412 million Friend Finder accounts exposed by code hackers

412 million Friend Finder accounts exposed by code hackers

Hacked records connected to AdultFriendFinder.com, Cams.com, iCams.com, Stripshow.com, and Penthouse.com

Six databases from FriendFinder Networks Inc., the business behind a number of the world’s biggest adult-oriented social sites, were circulating online given that they had been compromised in October.

LeakedSource, a breach notification site, disclosed the event completely on Sunday and stated the six compromised databases exposed 412,214,295 reports, utilizing the majority of them originating from AdultFriendFinder.com

It’s thought the incident occurred just before October 20, 2016, as timestamps on some records suggest a final login of october 17. This schedule can be significantly verified by the way the FriendFinder Networks episode played away.

On October 18, 2016, a researcher whom passes the handle 1×0123 on Twitter, warned Adult FriendFinder about Local File Inclusion (LFI) vulnerabilities on the internet site, and posted screenshots as evidence.

When expected straight in regards to the problem, 1×0123, that is additionally understood in a few sectors by the title Revolver, stated the LFI had been found in a module on AdultFriendFinder’s production servers.

Maybe maybe Not very long after he disclosed the LFI, Revolver claimed on Twitter the presssing issue had been solved, and “. no consumer information ever left their web site.”

Their account on Twitter has since been suspended, but during the time he made those responses, Diana Lynn Ballou, FriendFinder Networks’ VP and Senior Counsel of business Compliance & Litigation, directed Salted Hash in their mind in reaction to follow-up questions regarding the event.

On 20, 2016, Salted Hash was the first to report FriendFinder Networks had likely been compromised despite Revolver’s claims, exposing more than 100 million accounts october.

The existence of source code from FriendFinder Networks’ production environment, as well as leaked public / private key-pairs, further added to the mounting evidence the organization had suffered a severe data breach in addition to the leaked databases.

FriendFinder Networks never offered any extra statements regarding the matter, even with the excess documents and supply rule became general public knowledge.

As previously mentioned, previous estimates put the FriendFinder Networks information breach at a lot more than 100 million records.

These very early quotes had been on the basis of the measurements associated with the databases being prepared by LeakedSource, in addition to provides being created by other people online claiming to own 20 million to 70 million FriendFinder documents – many of them originating from AdultFriendFinder.com.

The main point is, these documents exist in numerous places online. They are being shared or sold with anybody who could have a pastime inside them.

On Sunday, LeakedSource reported the count that is final 412 million users exposed, making the FriendFinder Networks leak the greatest one yet in 2016, surpassing the 360 million documents from MySpace in might.

This information breach additionally marks the 2nd time FriendFinder users experienced their username and passwords compromised; the 1st time being in might of 2015, which impacted 3.5 million individuals.

The numbers disclosed by LeakedSource on include sunday:

    339,774,493 compromised documents from AdultFriendFinder.com

62,668,630 compromised documents from Cams.com

7,176,877 compromised records form Penthouse.com

1,135,731 records that are compromised iCams.com

1,423,192 compromised documents from Stripshow.com

  • 35,372 compromised documents from a domain that is unknown
  • All the databases have usernames, e-mail details and passwords, that have been kept as ordinary text, or hashed SHA1 that is using with. It really isn’t clear why variations that are such.

    “Neither technique is regarded as protected by any stretch of this imagination and moreover, the hashed passwords appear to have been changed to any or all lowercase before storage space which made them much easier to strike but means the qualifications should be somewhat less ideal for harmful hackers to abuse when you look at the real-world,” LeakedSource said, talking about the password storage space choices.

    In most, 99-percent associated with the passwords within the FriendFinder Networks databases were cracked. By way of scripting that is easy the lowercase passwords aren’t likely to hinder many attackers who’re trying to benefit from recycled qualifications.

    In addition, a few of the documents when you look at the leaked databases have actually an “rm_” before the username, that could indicate a treatment marker, but unless FriendFinder verifies this, there’s no chance to be sure.

    Another fascination into the information centers on records with a message target of email@address.com@deleted1.com.

    Once more, this might suggest the account ended up being marked for removal, however, if therefore, why ended up being the record completely intact? Exactly the same might be expected for the accounts with «rm_» within the username.

    Furthermore, it is not clear why the business has documents for Penthouse.com, a house FriendFinder Networks offered early in the day this to Penthouse Global Media Inc year.

    Salted Hash reached away to FriendFinder Networks and Penthouse worldwide Media Inc. on Saturday, for statements and also to ask questions that are additional. By the time this short article had been written nevertheless, neither business had answered. (See update below.)

    Salted Hash additionally reached away to a number of the users with current login documents.

    These users had been section of an example range of 12,000 documents provided to the news. Not one of them reacted before this informative article decided to go to printing. During the exact same time, tries to start records because of the leaked current email address failed, due to the fact target had been within the system.

    As things stay, it looks just as if FriendFinder Networks Inc. happens to be completely compromised. Billions of users from all over the world have experienced their reports exposed, making them available to Phishing, and on occasion even even worse, extortion.

    This really is specially detrimental to the 78,301 those who utilized a .mil email, or perhaps the 5,650 those who utilized a .gov current email address, to join up their FriendFinder Networks account.

    Regarding the upside, LeakedSource just disclosed the scope that is full of information breach. For the time being, use of the information is bound, and it also will never be designed for public queries.

    For anybody wondering if their AdultFriendFinder.com or Cams.com account happens to be compromised, LeakedSource claims it is better to simply assume this has.

    “If anybody registered a merchant account just before November of 2016 on any Friend Finder web site, they ought to assume these are typically affected and plan the worst,” LeakedSource said in a declaration to Salted Hash.

    On the bumble lawsuit web site, FriendFinder Networks claims they do have more than 700,000,000 users that are total distribute across 49,000 web sites in their system – gaining 180,000 registrants daily.


    FriendFinder has granted a significantly general public advisory about the info breach, but none of this affected sites have already been updated to mirror the notice. As a result, users registering on AdultFriendFinder.com wouldn’t have an idea that the organization has experienced an enormous protection event, unless they’ve been after technology news.

    In line with the declaration posted on PRNewswire, FriendFinder Networks will begin notifying users that are affected the information breach. Nonetheless, it’sn’t clear should they will alert some or all 412 million records which were compromised. The business continues to haven’t taken care of immediately concerns delivered by Salted Hash.

    “Based regarding the ongoing research, FFN will not be in a position to figure out the actual number of compromised information. Nonetheless, because FFN values customers and takes to its relationship really the security of client information, FFN is within the procedure of notifying impacted users to offer these with information and assistance with the way they can protect by themselves,” the declaration stated to some extent.

    In addition, FriendFinder Networks has employed some other company to help its research, but this company wasn’t known as straight. For the present time, FriendFinder Networks is urging all users to reset their passwords.

    In an appealing development, the news release ended up being authored by Edelman, a strong known for Crisis PR. Ahead of Monday, all press demands at FriendFinder Networks had been managed by Diana Lynn Ballou, which means this is apparently a change that is recent.

    Steve Ragan is senior staff journalist at CSO. just before joining the journalism globe in 2005, Steve invested 15 years as being a freelance IT specialist centered on infrastructure administration and safety.