412 million Friend Finder Networks accounts hacked
What's the story
Friend Finder Networks, an adult pornography, and dating site was hacked, revealing the private details of almost 412 million accounts. This hack from October has revealed passwords, email addresses, browser history, dates of last visits, IP addresses and site membership status etc. According to monitoring firm Leaked Source, this is one of the "largest data breaches ever recorded" in history.
Introduction
What is Friend Finder Networks?
Friend Finder Networks runs "one of the world's largest sex hookup" sites Adult Friend Finder, with 40 million members that log in once in every 2 years, and 339 million accounts. It operates live sex camera site Cams.com, that has more than 62 million accounts. It also runs Penthouse.com- an adult site with over 7 million accounts, and Stripshow.com, iCams.com with 2.5 million accounts.
Historical
Not the first security hack for Adult Friend Network
In May 2015 the personal information of 4 million users was exposed by hackers, which included their "login details, emails, dates of birth, postcodes, sexual preferences and whether they were seeking extramarital affairs."
Past hacks
Previous such hacks: MySpace, Yahoo, Ashley Madison
In 2013, MySpace hack led to the disclosure of 359 million MySpace users. In 2014, Yahoo security was compromised which led to as many as 500 million accounts being compromised- the largest hack. In 2015, another adultery site Ashley Madison was hacked and 33 million user accounts were hacked by a group called "Impact Team" on 20 July.
Reason behind the hack
Adult Friend Finders' weak security led to the hack
Data monitoring services revealed that the FFN hack took place because passwords were stored in SHA1 hashed (peppered) or plain visible format. Neither is considered secure. The hackers had a field day as the passwords were altered and were in lowercase, rather than case specific as the users entered originally, which made it easier to break in.
Personal
Startling details revealed
The hacked account details revealed that 78,301 accounts belonged to "US military email addresses, 5,650 US government email addresses and over 96 million Hotmail accounts."