A group that collects stolen data claims to have obtained 412 million accounts belonging to Friend Finder Networks, the California-based company that runs thousands of adult-themed sites in what it described as a "thriving sex community." See Also: Webinar | Beyond Managed Security Services: SOC-as-a-Service for Financial Institutions Leaked Source.com, a service that obtains data leaks through shady underground circles, believes the data is legitimate.Friend Finder Networks, stung last year when its Adult Friend Finder website was breached, could not be immediately reached for reaction (see Dating Website Breach Spills Secrets).The hack also revealed that the company had kept information on 15 million accounts that users had deleted, as well as information on users for assets it no longer owned, such as Penthouse.By comparison, the Ashley Madison hack that took place in July 2015 revealed 32 million accounts, although that attack was also accompanied by a more aggressive extortion campaign.It also has a slight benefit, as Leaked Source writes that "the credentials will be slightly less useful for malicious hackers to abuse in the real world." For a subscription fee, Leaked Source allows its customers to search through data sets it has collected. "We don't want to comment directly about it, but we weren't able to reach a final decision yet on the subject matter," the Leaked Source representative says.In May, Leaked Source removed 117 million emails and passwords of Linked In users after receiving a cease-and-desist order from the company.
One large sample of data provided by Leaked Source at first seemed to not contain current registered users of Adult Friend Finder.
The sites breached would appear to include Adult Friend Finder.com, i Cams.com, Cams.com, and Stripshow.com, the last of which redirects to the definitely not-safe-for-work playwithme[.]com, run by Friend Finder subsidiary Steamray.
Leaked Source provided samples of data to journalists where those sites were mentioned.
But the file "seems to contain much more data than one single site," the Leaked Source representative says.
"We didn't split any data ourselves, that's how it came to us," the Leaked Source representative writes.