FriendFinder Data Breach Exposes 400 million+ Accounts

Pillsbury - Internet & Social Media Law Blog

FriendFinder Networks is a company in the adult entertainment, social networking, and online dating space. Several databases from FriendFinder Networks' web sites with more than 412 million accounts, including usernames, e-mails, and passwords, have been breached and leaked.

November reports of this data breach on The Verge, LeakedSource and TechCrunch, to name a few, describe it as one of the largest security breaches of 2016, and possibly the largest breach to date, surpassing the breach of approximately 360 million Myspace usernames, passwords and e-mail addresses reported earlier this year.

This would be the second time FriendFinder has been breached in two years. Unlike the 2015 data breach of FriendFinder that allegedly included sexual preference data, this most recent breach is only reported to include account usernames, e-mails, passwords, IP addresses and web browser information.

According to some reports, FriendFinder was breached using a Local File Inclusion exploit. Another reported problem is that FriendFinder allegedly stored user data (1) in a plain visible format or (2) by using the insecure SHA-1 (Secure Hash Algorithm 1). One web site, LeakedSource, created a table of the most commonly used passwords from the 2016 FriendFinder breach (top ten shown below):

Top Ten Most Commonly Used Passwords
And yes, we hope none of our readers use any of the passwords on this list.

A dynamic infographic titled “World’s Biggest Data Breaches” of selected losses greater than 30,000 records provides a useful way to understand the scale of this problem across different types of organizations. (Note how the bubbles in the infographic representing the size of the data breaches keep getting larger each year.)

The increasing size and scope of user data breaches should serve as a reminder of the importance of continual evaluation and action: periodic third-party/outside audits of company web sites, web site development practices, and user account security practices are all essential to mitigate the risk from large-scale data breaches.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Pillsbury - Internet & Social Media Law Blog | Attorney Advertising
