Penthouse.com saw the attack exposing details of 7 million accounts, while the hackers obtained a few million from other smaller properties owned by the company, ZDNet reported.
According to LeakedSource, which obtained the data, the breach accounted for two decades’ of accumulated data from the company’s largest sites.
Friend Finder Networks confirmed the site vulnerability to ZDNet, but did not confirm the attack.
Friend Finder Networks vice president and senior counsel Diana Ballou was quoted by the publication as saying: “Over the past several weeks, FriendFinder has received a number of reports regarding potential security vulnerabilities from a variety of sources.
“Immediately upon learning this information, we took several steps to review the situation and bring in the right external partners to support our investigation.
“While a number of these claims proved to be false extortion attempts, we did identify and fix a vulnerability that was related to the ability to access source code through an injection vulnerability.”
The breach took place when a security researcher Revolver had revealed that the AdultFriendFinder site contained a local file inclusion flaw.
The researcher said that the flaw, if successfully exploited, could enable a hacker to remotely run malicious code on the web server.
However, the attacker is yet to be identified.
The latest breach is the second faced by FriendFinder Networks after a hack last year that exposed nearly 4 million accounts, which included sensitive information, including sexual preferences and whether a user was looking for an extramarital affair.
In the current attack, the data does not seem to contain sexual preference data unlike the 2015 breach, the publication said.
This article is from the CBROnline archive: some formatting and images may not be present.
Join Our Newsletter
Want more on technology leadership?
Sign up for Tech Monitor's weekly newsletter, Changelog, for the latest insight and analysis delivered straight to your inbox.