Adult dating and entertainment company FriendFinder Networks has been hit by a cyber attack which has reportedly exposed account details of its 412 million users.
The cyber attack was carried out on AdultFriendFinder, Cams.com, Penthouse, Stripshow and/or iCams.com, which are all owned by FriendFinder Networks.
While the details of 339 million accounts from AdultFriendFinder.com were exposed in the attack, Cams.com saw 62 million accounts being disclosed.
The hackers also gained access to more than 15 million “deleted” accounts that were not removed from the databases.
Penthouse.com saw the attack exposing details of 7 million accounts, while the hackers obtained a few million from other smaller properties owned by the company, ZDNet reported.
According to LeakedSource, which obtained the data, the breach accounted for two decades’ of accumulated data from the company’s largest sites.
Friend Finder Networks confirmed the site vulnerability to ZDNet, but did not confirm the attack.
Friend Finder Networks vice president and senior counsel Diana Ballou was quoted by the publication as saying: “Over the past several weeks, FriendFinder has received a number of reports regarding potential security vulnerabilities from a variety of sources.
“Immediately upon learning this information, we took several steps to review the situation and bring in the right external partners to support our investigation.
“While a number of these claims proved to be false extortion attempts, we did identify and fix a vulnerability that was related to the ability to access source code through an injection vulnerability.”
The breach took place when a security researcher Revolver had revealed that the AdultFriendFinder site contained a local file inclusion flaw.
The researcher said that the flaw, if successfully exploited, could enable a hacker to remotely run malicious code on the web server.
However, the attacker is yet to be identified.
The latest breach is the second faced by FriendFinder Networks after a hack last year that exposed nearly 4 million accounts, which included sensitive information, including sexual preferences and whether a user was looking for an extramarital affair.
In the current attack, the data does not seem to contain sexual preference data unlike the 2015 breach, the publication said.