Adult friend finder leak
It also would be the second one to affect Friend Finder Networks in as many years.
In May 2015 it was revealed that 3.9 million Adult Friend Finder accounts had been stolen by a hacker nicknamed ROR[RG] (see Dating Website Breach Spills Secrets).
Others had been hashed, the process by which a plaintext password is processed by an algorithm to generate a cryptographic representation, which is safer to store.
Still, those passwords were hashed using SHA-1, which is considered unsafe.
At the time, FFN Vice President Diana Lunn Ballou released a statement saying: "We are aware of reports of a security incident, and we are currently investigating to determine the validity of the reports." In May last year 3.5 million Adult Friend Finder accounts were exposed in another hack.
Peter Martin, Managing Director at IT security firm Reliance ACSN said: "This breach on Adult Friend Finder is the second in as many years which raises serious alarm bells.
Troy Hunt, an Australian data breach expert who runs the Have I Been Pwned data breach notification site, says that at first glance some of the data appears legitimate, but it's still early to make a call. "I'd need to see a complete data set to make an emphatic call on it." If the data is accurate, it would mark one of the largest data breaches of the year behind Yahoo, which in October blamed state-sponsored hackers for compromising at least 500 million accounts in late 2014 (see Massive Yahoo Data Breach Shatters Records).
ALMOST 400 million accounts on sex and swinger site Adult Friend Finder have been allegedly exposed in what is believed to be the biggest security breach of its kind.
The scale of the hack, which was first reported last month, has only now been revealed by stunned data experts who said it is "the largest breach we have ever seen".
"We didn't split any data ourselves, that's how it came to us," the Leaked Source representative writes.
"Their [Friend Finder Networks'] infrastructure is two decades old and slightly confusing." Many of the passwords were simply in plaintext, Leaked Source writes in a blog post.