If you have ever created an account for one of the pornography or adult dating sites run by FriendFinder Networks, including AdultFriendFinder.com and Penthouse.com, you should change your passwords immediately.
FriendFinder Networks is the latest company to experience a massive hack, resulting in the leak of over 412 million user accounts. To put that into perspective, last year’s Ashley Madison hack affected 32 million users.
This attack, which took place in November, exposed user data from several of Friend Finder Network’s websites, including AdultFriendFinder.com, Penthouse.com, Cams.com and other adult webcam sites. A leaked database from the hack exposed the email addresses, passwords, browser information, IP addresses and membership information of users.
According to Leaked Source, a breach notification website that first reported the Friend Finder Network attack, the database includes over 15 million deleted accounts that weren’t removed from Friend Finder Network’s database.
“Over the past several weeks, FriendFinder has received a number of reports regarding potential security vulnerabilities from a variety of sources. Immediately upon learning this information, we took several steps to review the situation and bring in the right external partners to support our investigation,” Diana Ballou, vice president of Friend Finder Networks, said in a statement to ZDNet.
Currently, the only other breach that comes close to matching the FriendFinder Networks hack in size is the MySpace data breach, which resulted in over 359 million user accounts being leaked online.
Data breaches from adult dating sites can be damaging for users. Some users identified in the Ashley Madison data breach experienced blackmail and threats for months following the hack.
But what’s more troubling is how many people used weak passwords for their FriendFinder accounts.
“123456” was the most commonly used password found in the leaked database, according to Leaked Source. That password was used over 900,000 times.
“12345” was used over 635,000 times and “123456789” appeared over 585,000 times.
Experts warn that the sheer volume of user data leaked as a result of this breach, coupled with these poorly created passwords, could result in a domino effect of smaller data breaches – especially if people used those same passwords for various online accounts.
If you are worried your information may have been leaked as a result of this breach, experts recommend that you change your password immediately. If you used the same password for any of your other online accounts, you should also change them right away.
Tips for creating secure passwords
Stay away from easy-to-guess passwords like “123456″ or “password” and easy-to-guess identifiers, like your dog’s name.
Numbers included in a password should never be something easy to guess based on the user. That means your age, the current year, or your address are not good choices. Similarly, the longer the password the better.
Passwords that use up to ten upper- and lower-case letters mixed with numbers are proven to be more secure – despite being hard to remember.
One tip is to construct a password from a sentence, mix in a few upper case letters and a number – for example, “There is no place like home,” would become “tiNOplh62.”
And remember, try not to use the same password for any two accounts.