It cannot be stressed strongly enough, don’t use the same password for multiple online accounts. If one is hacked, it would be easy for the hackers to infiltrate your other accounts. And that is exactly what happed at the adult social networking site FriendFinder.
According to Leaked Source, FriendFinder has been infiltrated by hackers and they gained access up to 412 million users’ personal information. This breach happened sometime last month and potentially affects all sites under FriendFinder (its subsidiaries) like Cams.com, Penthouse.com, Stripshow.com, and iCams.com.
The hack was apparently executed via a local file inclusion exploit that provided the gateway for the hackers to access the rest of the network’s sites. LeakedSource has further said they will not make data on the leakage searchable to the general public.
How the FriendFinder Hack happened
Experts speculate that the hack could have taken place as a result of a number of reasons.
They could have stored user log in credentials in plaintext with no protection at all
The stored plaintext could have been stored and hashed using the SHA1 algorithm known for weak encryption
The company could have left the log in credentials on a site they no longer or less frequently monitor (such as Penthouse.com that was sold to Penthouse Global Media)
FriendFinder is also said to still keep the emails and passwords of users who have long deleted their accounts.
“Over the past several weeks, FriendFinder has received a number of reports regarding potential security vulnerabilities from a variety of sources. Immediately upon learning this information, we took several steps to review the situation and bring in the right external partners to support our investigations,” said Diana Ballou, the FriendFinder Networks VP and Senior Counsel.