Folks, it’s getting to the point where the average punter can’t casually log onto a seedy sex and swingers website without copping the all-pervading fear that their privacy is about to be thoroughly violated by external actors. SMDH.
The latest hack comes outta AdultFriendFinder – the casual sex and swingers social network – with reports indicating that the details of a massive 400 million accounts has been leaked. Among them are people who, presumably, do not want their details leaked.
The details include customers’ e-mail addresses, IP addresses last used to log-in to the site, and passwords.
Around 339 million accounts were stolen from AdultFriendFinder.com itself, with a further 62 million accounts from sister site Cams.com and 7 million from Penthouse.com.
Apparently, the passwords were not store securely – with indications they were either in plaintext or using the now widely discredited SHA1 hashing algorithm. Friend Finder Networks confirmed in a statement the vulnerability, but dodged answering anything about that whole 400 million accounts dealio:
Over the past several weeks, FriendFinder has received a number of reports regarding potential security vulnerabilities from a variety of sources. Immediately upon learning this information, we took several steps to review the situation and bring in the right external partners to support our investigation.
While a number of these claims proved to be false extortion attempts, we did identify and fix a vulnerability that was related to the ability to access source code through an injection vulnerability.
FriendFinder takes the security of its customer information seriously and will provide further updates as our investigation continues.
Welp. If you’ve got an angry/spouse or partner who is about to plug your email address into a database search, we’re praying for you.
Source: Ars Technica.