A new hack that targeted FriendFinder Networks may have compromised more than 412 million user accounts. FriendFinder Networks is the parent company of websites like Cams.com, AdultFriendFinder, Stripshow, iCams.com, and Penthouse. Security experts say that members of these websites have been advised to change their passwords to prevent further exploits.
This is the most recent hack targeting adult websites. In comparison, the Ashley Madison hack affected around 32 million users.
Hackers claim they were able to access FriendFinder Networks' servers last month and get their hands on more than 300 million user accounts. The hack exposed 62 million accounts from Cams.com, more than seven million accounts from Penthouse.com, more than 1.4 million accounts from Stripshow.com, more than 1.1 million accounts from iCams.com, and 35,000 accounts from an "unknown domain."
The hackers were able to get into FriendFinder Networks' computer system by exploiting a local file inclusion bug. The hack was first reported by Leaked Source which added that the data sheet would not be made searchable to the general public to protect the identity of the users.
According to Tech Crunch, FriendFinder may have made it easier for the hackers to acquire sensitive user information by either storing user passwords in plaintext without any security protection. Another possibility is that the firm may have stored the information using the SHA1 algorithm which is known for its weak protection methods.
FriendFinder Networks vice president and senior counsel Diana Ballou told ZDNet that "Over the past several weeks, FriendFinder has received a number of reports regarding potential security vulnerabilities from a variety of sources. Immediately upon learning this information, we took several steps to review the situation and bring in the right external partners to support our investigation."
Ballou added that FriendFinder Networks have identified the vulnerability and are working to fix the problem.