It’s the Ashley Madison hack all over again. Except this time, the fallout may be much greater.
More than 400 million accounts have been exposed by a hack into FriendFinder Networks’ plethora of adult dating and pornography sites. AdultFriendFinder, marketed as the “world’s largest sex and swinger community”, is the primary target with 340 million users exposed. Popular sites including Penthouse.com were also affected.
The hack was first reported by LeakedSource, a breach notification Web site that specializes in bringing hacking incidents to the public eye, who is reporting this as the largest hack in history, surpassing the MySpace hack of 360 million. Hackers gained access to the network through a local file inclusion exploit. This is the second hack into the network over the last two years.
FriendFinder Networks has yet to confirm the hack, however a representative did confirm to The Washington Post that the company is investigating the situation.
“Immediately upon learning this information, we took several steps to review the situation and bring in the right external partners to support our investigation,” the company said.
AdultFriendFinder has nearly 20 years of data including information like usernames, emails, join dates, passwords, and the date of a user’s last visit. The Ashley Madison hack fallout may pale in comparison to the information leaked here. The 412 million accounts exposed is more than 12 times the 32 million Ashley Madison accounts.
Ryan Wilson, CTO of Toronto-based CDN Top 100 Solution Provider Scalar Decisions Inc. spoke with ITBusiness.ca and warned about additional fallout to other Web sites that may occur because of this hack.
“We need to consider is that a lot of Internet users will use the same email address and password for multiple sites. So these sort of attacks aren’t just directed at Adult Friend Finder for example, it may have ripple effects into other online services and accounts,” Wilson said.
So far, leaked account details include 78,301 U.S. military email addresses, 5,650 U.S. government email addresses, and over 96 million hotmail accounts. 52 million U.K. addresses were leaked as well, including seven gov.uk email addresses, 1,119 from the Ministry of Defense, and 12 from parliament according to Telegraph.co.uk. The Web site is also reporting 54 U.K. police email addresses, and 2,028 from U.K. schools.