ALMOST 400 million accounts on sex and swinger site Adult Friend Finder have been allegedly exposed in what is believed to be the biggest security breach of its kind.

The scale of the hack, which was first reported last month, has only now been revealed by stunned data experts who said it is "the largest breach we have ever seen".

At the time, FFN Vice President Diana Lunn Ballou released a statement saying: "We are aware of reports of a security incident, and we are currently investigating to determine the validity of the reports." In May last year 3.5 million Adult Friend Finder accounts were exposed in another hack.

Peter Martin, Managing Director at IT security firm Reliance ACSN said: "This breach on Adult Friend Finder is the second in as many years which raises serious alarm bells.

Today's computers can rapidly guess hashes that may match the real passwords. Leaked Source says it has cracked most of the SHA-1 hashes.

It also would be the second one to affect Friend Finder Networks in as many years. In May 2015 it was revealed that 3.9 million Adult Friend Finder accounts had been stolen by a hacker nicknamed ROR[RG] (see Dating Website Breach Spills Secrets).
"Their [Friend Finder Networks'] infrastructure is two decades old and slightly confusing." Many of the passwords were simply in plaintext, Leaked Source writes in a blog post.

Some of the claims were actually extortion attempts. But the company fixed a code injection flaw that could have enabled access to source code, Friend Finder Networks told the publication.

"It’s clear the company has majorly flawed security postures, and given the sensitivity of the data the company holds this cannot be tolerated.

A group that collects stolen data claims to have obtained 412 million accounts belonging to Friend Finder Networks, the California-based company that runs thousands of adult-themed sites in what it described as a "thriving sex community."

LeakedSource.com, a service that obtains data leaks through shady underground circles, believes the data is legitimate.

Over 7 million accounts on adult site were also released. The scale of the supposed breach is far greater than the 2015 hack of cheating site Ashley Madison, which saw 35 million members publicly exposed.

CSOonline reported that someone had posted screenshots on Twitter showing a local file inclusion vulnerability in Adult Friend Finder. Those types of vulnerabilities allow an attacker to supply input to a web application, which in the worst scenario can allow code to run on the web server, according to OWASP, the Open Web Application Security Project.

In total nearly 340 million user accounts on "the world's largest sex and swinger community" are said to have been exposed. Meanwhile, webcam sex site has seen the details of over 62 million accounts released, with similar sites and i each having over a million accounts breached.