What Data was Obtained in the Adult Friend Finder Leak?

The Adult Friend Finder leak compromised the privacy of millions of individuals. Learn how to recover your personal privacy with our guide. 

In November 2016, technology news sites reported AdultFriendFinder suffered a massive Data Breach. The breaches occurred in October and went unaddressed for weeks, affecting almost 412 million accounts of the world’s largest sex and swinger community online.

The interesting part is that not only the active users were affected, but also 15 million deleted accounts were also exposed and were among the leaked data. Besides the Friend Finder networks, there were six compromised databases similar to FriendFinder networks – like Cams.com and Penthouse.com.

Apart from the personal data, some sensitive details were also exposed in the Adult Friend Finder leak, like extramarital affairs and purchases made, and sexual preferences by the website users. Also, the source code was available for purchase on the Dark Web. Since over 400 million accounts were under attack, the huge database was converted onto the dark web, and the malicious hackers sold the data of the accounts exposed.

Unfortunately, if you were a user of Adult Friend Finder at that time, the certainty that your data was also included in the hack is really big, since no account was spared. Besides the sensitive data, the hackers got email addresses and passwords and join dates to the network.

This was not the first AdultFriendFinder breach, but it was the largest one. A security researcher going with the name Revolver on Twitter was the one who exposed the flaw and the hackers were able to use the local file inclusion flaw and inject and run a code on their server, which led to one of the largest data breaches in that decade.

Can AdultFriendFinder be used for Identity Theft?

For sure it can be used in a malicious manner. Of these hundreds of millions of breached accounts, over 78.000 of them were created from a military email address and over 5000 were from .gov emails, meaning that the users were government employees. These are accounts that are at risk because they can make false extortion attempts and try to scam the users for money.

Besides the extortion attempts, these email addresses are also targets for phishing and malware attacks, since the hackers have access to many personal details that they can include in such attacks.

There are some steps that every internet user should follow in order to protect themselves from such data breaches as the one that happened to the Friend Finder website. Here are some of the points to take care of:

  • Change passwords frequently, use 2-Factor authentication, and don’t have your passwords stored on your browsers.
  • Do not save your credit card records on the browser and use it only if needed.
  • Always have your antivirus programs, operating systems, and firewalls updated to the latest versions.
  • Watch out for phishing and scammy emails and do not press on any links that you receive from an unknown domain or e-mail addresses.

The ultimate advice here is to be careful with your data when sharing it on the internet. No matter if you create a new account, email address, or social media profile, always be aware of your privacy, since it can be targeted and misused.

Five things to know about the most sensitive security breach

When it comes to protecting the sites hosting user accounts and passwords, or any customer information, there are some regulations that you need to follow and actually have amazing security and support that you need to provide to your users.

There are several points that we are going to cover and details to provide about the Friend Finder data breach that you can use to avoid similar cases on your websites.

Adult Friend Finder Still Works

Even after the breach happened to this website and the other sites included in the same attack, the Friend Finder still works and continues to serve the same topic as before. The site is still highly ranked and is among the best 200 websites in the United States and the Top 20 Adult sites globally.

They are having around 50 million visits monthly, mostly from the States and from many other English-speaking countries. Their cheapest subscription is $19.95 per month with a minimum of 12 months’ commitment. This also shows that even besides the breach, people are going to use their service, but it’s good that they are aware of what happened and are more conservative when sharing the details on this platform.

Not the first Breach on Adult Friend Finder

A similar breach happened a year prior, in 2015 on the same service. With around 3.5m users affected, the data was exposed on the dark internet on 15 Excel files with details like IP addresses, handles, countries, states and zip codes, emails and birth dates, and many more personal details.

In the leaked source there were also sexual orientations for every user that was affected and every extramarital affair that they were after. This was a hack performed by a Thai hacker using the handle ROR that was active on the Tor onion service forum.

The Security at the time of the Data Breach was imperfect

It appears that the first breach was not taken seriously and the security was really not improved from the website’s end. In the second breach that happened in 2016, the same exploit was used as before.

Internet analysts stated that a big portion of the passwords were plaintext passwords and easily hackable. One of the huge reasons for these attacks was that the website dated from 1996 and its systems were old and not updated. This was the main reason that the hackers were able to find a crack and initiate the breaches.

The Breach can be Sensitive

This type of breach can certainly be sensitive since personal and private data was exposed and the users were “uncovered” for what they were doing. It was awkward and embarrassing for every user that was exposed.

Another sensitive point about it is that the users usually share their secrets, no matter if they are false or true, but surely they do not want to have these details to be connected with them. This means that such websites need to have better security and take better care of their customers. Many of those users were attacked personally and extorted for money in order for their secrets to remain secret.

The 2016 Friend Finder Networks Breach was the Largest

The leak that happened in 2016 was one of the largest leaks with hundreds of millions of accounts affected. To be exact, over 412 million accounts were leaked with usernames and passwords.

In 2016, there were also two Yahoo! security breaches, but they didn’t get the fame as Adult Friend Finder since the data leaked from these sexual websites was sensitive and shadowed the Yahoo breach.

To summarize, this hack and leak was one of the most talked-about events in the hacking world in 2016 and still serves as an example of how not to handle security and protect your website that works with so much sensitive data.

People are still having a hard time recovering from this attack, but everybody draws a good conclusion when it comes to oversharing personal and private data online.

Need help with getting your personal info off the web? Contact us now!