UPDATE: November 15, 2016 at 9:17 a.m. AEDT: FriendFinder Networks told Mashable that the company has received a number of reports of potential security vulnerabilities.
“Immediately after learning of this information, we took several steps to investigate the situation and enlist the right external partners to support our investigation. Our investigation is ongoing, but we will continue to ensure that all potential and substantiated reports of vulnerabilities are investigated and, if validated, remedied as quickly as possible.
“FriendFinder takes the security of its customers’ information seriously and is in the process of notifying affected users to provide them with information and advice on how they can protect themselves. We will provide further updates as our investigation continues.”
For the last time, “123456” is not a correct password, folks.
The sex and dating site AdultFriendFinder has been hacked for the second time (to our knowledge), according to the breach notification website LeakedSource, and the world’s really lousy password habits were once again exposed in the process.
The breach reportedly occurred in October, with more than 400 million accounts spanning more than two decades leaked. In addition to Adultfriendfinder.com, user information from sites like Stripshow.com and Penthouse.com has also been posted.
The California-based Friend Finder Networks, parent company of AdultFriendFinder, claims that 700 million people interact with at least one of their sites. Data from users of its Cam.com property, “one of the world’s largest providers of live webcams,” was also included in the hack.
Unsurprisingly, the passwords revealed in the latest data collection are terrible.
The three most used passwords? “123456”, “12345” and “123456789”. You have to go through the list all the way to number 13 until you find the slightly more original but still spectacularly unnecessary “pussy”.
LeakedSource has also selected some of the longest real passwords it has managed to find. Random sample: “schrodingersfavouritecat”, “ilovemanchesterunited” and “carlosfromcancun”.
Echoing the AshleyMadison saga of 2015, it appears that around 15,766,727 “deleted” AdultFriendFinder accounts had not actually been deleted. In the case of the case site, the passwords were just as stupid.
A large number of passwords were also stored insecurely in clear text by the site – an unacceptable decision, as LeakedSource pointed out, given that the site was already heavily hacked in 2015.
The personal data of nearly 4 million users was exposed in May 2015, including IP addresses, dates of birth, usernames and even sexual orientation.
ZDNet obtained a portion of the most recently hacked database to verify, and found that it did not appear to contain information on sexual preferences.
Friend Finder Networks confirmed the site’s security vulnerabilities upon publication, but did not explicitly state that the hack took place.
“Over the past few weeks, FriendFinder has received a number of reports of potential security vulnerabilities from various sources,” Diana Ballou, vice president and senior counsel, told ZDNet.
“Immediately after learning of this information, we took several steps to investigate the situation and engage the right external partners to support our investigation.”
Mashable contacted Friend Finder Networks for more details.