IP Insights
Home  »  Learn  »  Hackers and Hoaxes  »  FriendFinder Hacked

If You've Been Naughty on the Internet, Better Cross Your Fingers

 Share the knowledge!

An adult website just got hacked. Customers are nervous, regretful.

There's a good chance that some husbands and wives, boyfriends and girlfriends, soccer moms, up-and-coming young executives and politicians (and millions more) are holding their breath, hoping for the best, changing their ways and may even be headed to church soon.

That's because an adult-oriented website, FriendFinder.com, was hacked in late 2016 and information relating to more than 400 million personal accounts on the site was stolen. Some of the information—usernames and passwords, primarily—had been kept on the books, and on the website, for more than 20 years.

Bad news gets worse.

It seems that the same website was hacked 12 months earlier. If customers heard about it then but didn't change their ways, it came back to haunt them.

But even if they did change their ways, the news isn't good. News reports said that even customers of the site who perhaps changed their mind and deleted their accounts might still be exposed. That's because 15 million accounts that were supposed to have been deleted by FriendFinder, by customer request, were never taken completely off the books.

That's what you call, back luck.

FriendFinder users can only hope that the leaked data remains relatively hidden and not made public and "searchable on a highly trafficked website." That's what happened in 2015 to the website for married people looking for affairs, Ashley Madison. Millions of their customers' names, addresses, email addresses and more were stolen, published and spotlighted by hackers.

FriendFinder.com, it seems, is an umbrella for a handful of online adult-themed sites, including AdultFriendFinder, which accounted for about 60 million users. Customer credentials were also taken from Penthouse.com, Cams.com, Stripshow.com and...well, you get the R-rated picture.

Nervous time.

So far, the group that reported the hack, LeakedSource.com, has not formally published the stolen information, but security experts say the information is out there for others to find, see and possibly post on the Internet.

According to news reports, LeakedSource.com is "an anonymously run website that sells access to stolen records." Some security experts say that LeakedSource published more than 2 billion records in 2016, including stolen customer data from hacker attacks on LinkedIn and MySpace.

But LeakedSource.com wasn't the organization behind the hack. LeakedSource itself hinted that an anonymous hacker group reported in October that they had infiltrated the AdultFriendFinder.com network (run by FriendFinder) and found a programming flaw. That flaw, which hackers search for hoping to find, opened the door to user information.

Why did they choose to attack an adult-themed website, one that you might call a "gaming" website for the lonely, lustful and leery? It could simply have been a hack of opportunity.

Take action. Change your ways.

A spokesman for FriendFinder Networks couldn't confirm LeakedSource's claims, but admitted they were "investigating reports of potential security vulnerabilities." Still, they took swift steps to notify their customers of the potential attack and provided tips on how they might protect themselves.

For the victims who have been affected—and may be exposed—by the hack on FriendFinder, the following advice applies:

  • Immediately change your password on any of the affected adult-themed websites named above; FriendFinder may have notified you that your old password no longer works
  • If you have used the same email address and password on any other site, change that login information immediately, as well. Hackers try to use stolen information to hack into totally unrelated accounts
  • Stay tuned for any sign that the leaked data has been published in plain view—and hope no one sees an email address (yours!) that they recognize
  • Keep your fingers crossed that you've changed your email address a few times in the past 20 years, because the stolen user information includes two decades of customer email addresses and passwords, according to LeakedSource.com.
  • You might want to avoid adult-themed sites that ask for your email address and credit card information.

Related Articles

Facebook Google+ Twitter