More than a year after online dating site AdultFriendFinder.com suffered a hack that exposed sensitive account information for nearly four million users, the website and its parent company have reportedly been hit with a much larger breach affecting some 412 million accounts.

Leaked Source revealed that several services and sites under the Friend Finder Network were hacked in October 2016 exposing information tied to some 412 millions of accounts dating back 20 years.

A majority of the hacked accounts — about 340 million — are from AdultFriendFinder.com. Of the remaining affected accounts 62.6 million were from adult webcam site Cams.com, which carries the tagline “Where adults meet models for sex chat live through webcams,” 7.1 million are from Penthouse.com, 1.5 million from webcam site Stripshow.com, and one million from “Free Live Sex Cams” company iCams.com.

While the breach is significantly higher than the 40 million Ashley Madison accounts exposed last year, the information obtained is perhaps less threatening, including just email addresses, passwords, and registration dates.

According to Leaked Source, the breach likely occurred through a local file inclusion exploit that enabled hackers to access the data.

Of the accounts that were breached, Leaked Source believes some had either previously been deleted — about 15 million accounts — but the information had been kept in databases.

Leaked Source also notes that passwords for the affected accounts were likely stored by Friend Finder Network in a format that was either plainly visible or easily cracked.

As a result, Leaked Source says that some 99% of all passwords used on the site have now been exposed. A breakdown shows they weren’t exactly great to being with, for example, “123456” was used nearly a million times.

Leaked Source says that it will not make the breached data searchable to the general public.

A rep for Friend Finder Network tells ZDNet that it has received a number of reports related to a potential security vulnerability over the past several weeks.

“Immediately upon learning this information, we took several steps to review the situation and bring in the right external partners to support our investigation,” the company said without directly confirming that user accounts were breached.

Sexual secrets for hundreds of millions exposed in largest hack of 2016 [Leaked Source]
AdultFriendFinder network hack exposes 412 million accounts [ZDNet]

Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.