Any large breach of sensitive information like usernames and passwords represents a privacy catastrophe. However, when those credentials link breach victims to sex sites, the consequences go beyond the possibility of a hacked credit card or Twitter account and into the realm of embarrassment and blackmail.
On Sunday, the website Leaked Source, a repository of breached data, disclosed that hackers had compromised the online hookup and relationship firm FriendFinder and stolen 412 million users’ information, including usernames, passwords, and email addresses. The information comprises over 339 million accounts on AdultFriendFinder.com, which advertises itself as "the world’s largest sex & swinger community," as well as tens of thousands of millions of accounts from Penthouse.com and Stripshow.com. Though Leaked Source reports that some of the leaked passwords were cryptographically hashed to protect them, others were left unencrypted, and even the hashed ones were easily cracked in almost all cases. "Neither method is deemed protected by any stretch of the imagination," Leaked Source writes.
In an email to WIRED, a spokesperson for Leaked Source says it obtained the information from an "underground source who wishes to remain anonymous," but that it checked some of the hacked credentials for some AdultFriendFinder accounts against previous leaks of information from a hacked password manager to confirm that they were real. ZDNet also obtained part of the information and verified its authenticity by contacting affected users.
Leaked Source chose not to release FriendFinder’s leaked data. However, the website’s spokesperson warns WIRED there’s little question it has been distributed elsewhere online: the website often learns of hacker breaches through shadowy web marketplaces and hacker forums. "FriendFinder users ought to really be concerned that people beyond the affected business know they registered to such a website," the spokesperson says. "In almost no instances are we the only ones with leaked consumer information."
Users who once registered on one of FriendFinder’s hookup or pornography sites and later deleted their accounts might still be caught up in the data spill. According to Leaked Source, 15 million of the breached usernames and passwords seem to have been from users who planned to delete their accounts but whose details were retained by the business. This is actually the second time in a year that FriendFinder has been hacked; the earlier breach, in May 2015, affected 3.5 million users.
FriendFinder didn’t immediately respond to WIRED’s request for comment regarding how it may be working to repair the harm from the breach.
Few forms of data compromise are as harmful to victims as those that reach into their secret sex lives. When extramarital affairs site Ashley Madison was hacked this past year, the public leak of 32 million users’ accounts allegedly led to at least three suicides.
FriendFinder users can only hope that the leaked information remains relatively hidden. In the Ashley Madison case, by contrast, the data was widely circulated and even made searchable on a heavily trafficked website.
For the breach’s victims, the usual post-hack advice applies: Immediately change your passwords on the affected sites if FriendFinder hasn’t yet reset them, as well as on any website where you’ve reused those passwords. But in this situation, victims must also stay alert for any indication that the leaked information has been published in plain view, and brace for what might yet become a more severe breach of their lives.