A hack against popular adult dating and entertainment company FriendFinder Networks exposed data related to more than 412 million user accounts, according to a report from breach notification site LeakedSource.
If the report is correct, that would make the breach one of the largest on record in terms of the number of accounts affected. It also would mark the second such incident at the company in two years.
FriendFinder Networks did not confirm or deny the breach when reached by The Washington Post. But the company said in a statement that it had “received a number of reports regarding potential security vulnerabilities from a variety of sources” and that it is investigating. "Immediately upon learning this information, we took several steps to review the situation and bring in the right external partners to support our investigation," the statement said.
The Adult FriendFinder data stretched back 20 years and included information such as usernames, emails, join dates and the date of a user’s last visit, according to LeakedSource. Passwords were also included in the trove -- the vast majority of them featured unsecured protections or none at all, the report said.
LeakedSource said the alleged breach includes nearly 340 million accounts from flagship site Adult FriendFinder, plus data from other sites owned by FriendFinder Network, including Cams.com, as well as records from Penthouse.com, which was sold in February. The cache may also include 15 million email addresses connected to deleted accounts, according to LeakedSource.
The new owners of Penthouse.com said they are aware of the alleged breach. "[W]e are waiting on FriendFinder to give us a detailed account of the scope of the breach and their remedial actions in regard to our data," Penthouse Global Media chief executive Kelly Holland said in an emailed statement.
The information was stolen last month using a vulnerability exposed around the same time, LeakedSource reported.
The previous FriendFinder Network breach came to light in May 2015 and affected 3.5 million accounts. Both that hack and others in the adult industry, such as the 2015 Ashley Madison breach that exposed data from about 36 million users, pale in comparison to the scale of the latest alleged FriendFinder Networks data dump.
In fact, if LeakedSource is correct, only the massive Yahoo data breach disclosed in September, which hit more than half a billion accounts, exposed more user accounts. Unlike FriendFinder Networks, Yahoo is a mainstream service.