Adult Friend Finder: Hundreds of millions of users exposed


The world’s largest 18+ sex and swinger community is hacked for the second time in two years.

Adult Friend Finder, founded in 1996, is an adult social networking and online dating service for the sex and swinger community. It is members-only and requires a paid membership, which grants access to e-mail, private chat rooms, webcam and blogging, where members can chat and find others with similar interests.

The online dating website fell victim to a security breach in October 2016, when over 400 million account details, including e-mails, passwords and usernames, were stolen and leaked.

The FriendFinder Network appears to have ongoing security problems: this followed a previous breach in 2015, making it the second hack in two years.

The most recent breach included 15 million ‘deleted’ accounts: members had cancelled their membership, but FriendFinder had not wiped their data from the system, only moved it to a ‘deleted’ database. The customer data, passwords, email addresses and usernames had not been encrypted at all, meaning security levels were extremely low and the data was vulnerable to attack.

Mark James, ESET IT Security Specialist, explains the importance of creating good, strong passwords.

“This leaked data is astounding, the fact that people are still using the most common passwords we see time and again appearing on yearly lists of the worst passwords of all time is truly amazing.

“We know these passwords are out there, we know they are easily cracked, we know we should not be using them but we still do.

“It makes no sense; companies need to start putting in measures to stop these passwords being used.

“We have the lists, they have the lists, it’s a simple lookup. Whilst I appreciate it’s our responsibility to protect our data, there are some seemingly easy measures that could be put in place to stop the use of these extremely common words.

“I know there are some websites that already do this, so well done, but more need to step up and help those people who still do not understand the need for password sense.

“With the previous attacks we have seen on these types of websites you would have expected the password storage security to have been increased, but sadly this is not the case here.

“The methods used were considered poor practice by some, and terrible by others. Companies need to step up and take control of how they store and manage our data.

“Yes it is our job to be responsible, but on the same note they should encourage high standards and do more than the required basics to keep it safe.”
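As an added illustration (not code from ESET or FriendFinder), the sketch below shows the sign-up controls discussed above: a lookup against a list of common passwords, storage of a salted PBKDF2 hash rather than the plaintext, and account deletion that actually removes the record. The password list is a small constructed sample, and the function names and iteration count are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import unicodedata

# Constructed sample. A real deployment would load a published list of
# common or breached passwords with many thousands of entries.
COMMON_PASSWORDS = frozenset({
    "123456", "12345", "123456789", "password", "qwerty", "111111", "iloveyou",
})
ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed policy value)

def normalize(password: str) -> str:
    """Fold Unicode form, case and outer whitespace before the list lookup."""
    return unicodedata.normalize("NFKC", password).strip().casefold()

def is_common(password: str) -> bool:
    """The 'simple lookup': is this password on the known-bad list?"""
    return normalize(password) in COMMON_PASSWORDS

def hash_password(password: str) -> str:
    """Return a salted, slow hash record; the plaintext is never stored."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    scheme, iterations, salt_hex, digest_hex = stored.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))

def register(db: dict, username: str, password: str) -> bool:
    """Refuse common passwords at sign-up; otherwise store only the hash."""
    if is_common(password):
        return False
    db[username] = hash_password(password)
    return True

def delete_account(db: dict, username: str) -> None:
    """Remove the record outright instead of moving it to a 'deleted' store."""
    db.pop(username, None)
```

The lookup runs on a normalized copy, so variants such as "Password " or "QWERTY" are still rejected, while the hash is computed over the password exactly as the user typed it.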

Do you think websites should do more to judge whether your password is secure enough? Let us know on Twitter @ESETUK
