
A database of 400 million accounts from Friend Finder Networks sites has leaked online.


Information security specialists at LeakedSource have obtained a database of user accounts from Friend Finder Network Inc services, according to a post on their blog. FFN's main business is dating sites such as Adultfriendfinder.com, Cams.com and Penthouse.com. In total, the database contains almost 400 million accounts. According to the experts, this is the largest account leak of 2016.

According to analysts at LeakedSource, most of the user account information was stored in plaintext or was protected with the SHA-1 hashing algorithm. As a result, about 99% of the data was decrypted.

In addition to the problems with encryption, the information security specialists point out that most of the accounts have the form email@address.com@deleted1.com, which means the company kept user account information after the accounts were officially deleted. A total of 15.7 million such “deleted” accounts were found in the database.
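An added example, not part of the original article or of LeakedSource's analysis: a defender-side audit of a credential table for the two problems reported above, values stored in plaintext or as bare SHA-1 digests, and addresses kept with an @deleted1.com-style suffix. The sample rows, the function names and the suffix pattern are assumptions constructed for illustration.

```python
import hashlib
import re
from collections import Counter

# Heuristics for the two storage formats the article names, plus KDF output.
SHA1_HEX = re.compile(r"^[0-9a-fA-F]{40}$")    # bare 160-bit digest, no salt field
MCF = re.compile(r"^\$[a-z0-9-]+\$")           # modular crypt format ($2b$, $argon2id$, ...)
# Assumed pattern, generalized from the article's single example address.
DELETED = re.compile(r"^[^@]+@[^@]+@deleted\d*\.com$")

def classify_storage(value):
    """Guess how a stored credential value is protected."""
    if MCF.match(value):
        return "kdf"
    if SHA1_HEX.match(value):
        return "sha1_hex"
    return "plaintext_or_unknown"

def is_retained_deleted(email):
    """True for addresses that carry a deletion-marker suffix."""
    return bool(DELETED.match(email.lower()))

def audit(rows):
    """Summarize storage formats, shared digests and retained deleted accounts."""
    formats = Counter(classify_storage(pw) for _, pw in rows)
    digests = Counter(pw.lower() for _, pw in rows if classify_storage(pw) == "sha1_hex")
    return {
        "formats": dict(formats),
        # An unsalted hash maps equal passwords to equal digests, so repeats expose reuse.
        "shared_digests": {d: n for d, n in digests.items() if n > 1},
        "retained_deleted": [e for e, _ in rows if is_retained_deleted(e)],
    }

def sha1_hex(password):
    return hashlib.sha1(password.encode()).hexdigest()

# Constructed sample rows (email, stored value); not data from the leak.
SAMPLE_ROWS = [
    ("alice@example.com", "123456"),
    ("bob@example.com", sha1_hex("123456")),
    ("carol@example.com", sha1_hex("123456")),
    ("dave@example.com@deleted1.com", sha1_hex("qwerty")),
    ("erin@example.com", "$2b$12$" + "A" * 53),   # placeholder in bcrypt layout
]

if __name__ == "__main__":
    for key, value in audit(SAMPLE_ROWS).items():
        print(key, value)
```

The format checks are heuristics: a 40-character hexadecimal value could in principle be a plaintext password, so flagged rows need confirmation against the application's own hashing code.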

As usual, the most popular password was “123456” (about 900 thousand), followed by “12345”, “123456789”, “12345678” and “1234567890”. The traditional "password" and "qwerty" came only in 7th and 8th place.

The most popular email services among FFN clients are hotmail (96.5 million), yahoo (74.5 million) and gmail (61.7 million). E-mail addresses in the government domain .gov were used to register 78.3 thousand accounts.

One of the reasons for the hack is a recently discovered PHP injection vulnerability. Friend Finder Network has not yet commented on the leak, and LeakedSource has not disclosed its source.

Source: https://habr.com/ru/post/315212/

