Adult friend finder network
More than 900,000 accounts used the password "123456," 101,046 used "password," tens of thousands used words like "pussy" and "fuckme" -- which we suppose is exactly what Friend Finder did to the user by storing their passwords so recklessly.
But wait, there's more embarrassment to be had by all.
The compromised information included sexual preferences and personal details, whether they are gay or straight, and whether they are seeking extramarital affairs, along with email addresses, usernames, dates of birth, postcodes and the unique internet addresses of users' computers.
In that instance, Tek Security had discovered the files on a darknet forum, and noted that AFF hadn't reported the breach.
Everyone involved believed this was just the beginning of a massive data breach.
After their October disclosure got Friend Finder's attention, Revolver tweeted that FFN's security issue was resolved and "no customer information ever left their site" -- which was clearly untrue. Friend Finder Network conceded in a press release that it was "addressing a security incident involving certain customer usernames, passwords and email addresses" on Monday.
In May 2015, Adult Friend Finder was hacked, and the attackers exposed details of nearly four millions users.first reported the discovery of a serious security issue with FFN then revealed the beginning of this massive database catastrophe.In October, a researcher who went by the names "1x0123" and "Revolver" posted screenshots on Twitter showing what's known as a Local File Inclusion vulnerability on Adult Friend Finder.It's not bigger than Yahoo's abysmal security apocalypse, during which we just found out 500 million accounts were compromised in 2014.Yet FFN's epic catastrophe far exceeds the likes of e Bay (145M), Anthem (80M), Sony (77M), JP Morgan Chase (76M), Target (70M) and Home Depot (56M).They wrote about the files saying, "there is a ton of personally identifiable information (PII) sitting in a forum on the Darknet that has been viewed 1,756 times."Driving home the harm to consumers, the post explained, "It is unknown how many times the breached data files have been downloaded.Though the files were stripped of credit card data, it is still relatively easy to connect the dots and identify thousands upon thousands of users who subscribe to this adult site."Security is one area in which adult and porn sites are far behind, and no matter how you feel about sex work and adult entertainment, they are arenas in which strong security should be a priority for all involved.Making it worse than a typical security fail is what's in the data.The snatched records contain usernames, email addresses and passwords -- nearly all of which are visible in plain text.Revolver is known for finding adult website security issues, and they confirmed to that the flaw was being actively exploited.Right away, Leaked Source began to receive files from Friend Finder's databases -- some 100 million records.