Caught in AdultFriendFinder’s Massive Data Breach? Here’s What to Do

Dann Albright 15-11-2016

Less than 18 months ago, the extramarital-affair-enabling website Ashley Madison had a huge data breach 3 Reasons Why The Ashley Madison Hack Is A Serious Affair The Internet seems ecstatic about the Ashley Madison hack, with millions of adulterers' and potential adulterers' details hacked and released online, with articles outing individuals found in the data dump. Hilarious, right? Not so fast. Read More . Data from over 30 million accounts was posted online, and there was a flurry of shaming and finger-pointing all over the internet. You’d think the industry would have learned.


Alas, it did not. A similar website, AdultFriendFinder, which calls itself “the world’s largest sex and swinger community,” got hit, and over 410 million account details 300 Million AdultFriendFinder Accounts Have Leaked Online If you have an AdultFriendFinder account you should change your password immediately. Because Friend Finder Network, the parent company of AFF, has been hacked. Read More , including email addresses and passwords, have been posted online. It’s one of the largest breaches of all time.

What Happened This Time?

In October, AdultFriendFinder and multiple sister sites (including and were attacked. Websites under the control of Friend Finder Networks, the parent company, were vulnerable to a type of attack called local file inclusion. This attack gave hackers access to a number of Friend Finder databases, including billing information, member lists, and chat logs.


Friend Finder was also hacked last year, and the details of four million accounts was released. It appears they didn’t upgrade their security. This attack is much, much worse.

Among the information posted online were email addresses and passwords that hadn’t been securely encrypted, meaning that hackers could actually see plain text details. Obtaining an encrypted password What All This MD5 Hash Stuff Actually Means [Technology Explained] Here's a full run-down of MD5, hashing and a small overview of computers and cryptography. Read More won’t do an attacker much good, but actually obtaining email addresses and passwords not only compromises the identity of users, but also opens them to further attacks.


Adding insult to injury, a lot of deleted accounts — potentially up to 15 million — still had their information stored on the servers. So even people who had deleted their Friend Finder accounts may have been compromised. Some outlets are reporting that 20 years of data was released.

What You Need to Know

According to Leaked Source, the following websites were compromised:


There may also be others that we’re not aware of yet. If you have an account on any of these sites, or if you’ve ever had an account, it’s best to assume that your information has been compromised. Unless you’ve been in the habit of using unique, strong passwords 6 Tips For Creating An Unbreakable Password That You Can Remember If your passwords are not unique and unbreakable, you might as well open the front door and invite the robbers in for lunch. Read More for a long time, you should change all of your other account passwords. Now.

The AdultFriendFinder breach isn’t yet searchable on, and Leaked Source hasn’t posted a link [Broken URL Removed] to the database on their main page. So there’s no way to know for sure at the time of this writing if your information has been made public. It’s best to assume that it has.


Is It Really That Bad?

This hack could have serious repercussions. Sites like AdultFriendFinder and its affiliates collect important information that could be used by identity thieves 10 Pieces of Information That Are Used to Steal Your Identity Identity theft can be costly. Here are the 10 pieces of information you need to protect so your identity isn't stolen. Read More . Your name, email and physical addresses, and phone number are all crucial to identity theft. If you notice any suspicious financial activity after a breach like this, contact the relevant institutions immediately.

The fact that these particular sites are adult-oriented means that this information could potentially be used for blackmail Sextortion Has Evolved And It's Scarier Than Ever Sextortion is an abhorrent, prevalent blackmailing technique targeting young and old, and is now even more intimidating thanks to social networks like Facebook. What can you do to protect yourself from these seedy cybercriminals? Read More as well. If your hookups, one-night stands, and sexual preferences were to be made public, what would you do or pay to prevent it? It’s a sobering thought. Whether or not you want to bring up the fact that your name might be on one of these lists with someone close to you is a tough decision, too.

There’s always the risk of simple mayhem, as well. Plenty of hackers are out just to cause problems for other people. This could mean deleting your other accounts, taking over your social media feeds, sending spam or malware to the people in your email contact list, and many other things that aren’t inherently as bad as identity theft or blackmail, but are still really annoying.

How to Prevent This Next Time

Obviously we all hope there’s no next time. But based on what we’ve seen over the past couple years, it seems like there’s a good chance. So here’s what needs to happen.


1. We (all of us) need to demand better security.

Whether you had an account at one of these sites or not, this concerns you. The companies storing our data need to know that security matters. A lot. We need to start expecting companies to not only protect our data, but to explain to us in clear terms how they’re going to do that.

Image Credit: faithie via Shutterstock

Sign petitions Do Online Petitions Ever Accomplish Anything? Some people dismiss online petitioning as merely slacktivism, no better than hashtag activism, but certain e-petitions can make a difference. Let's look at what works and what doesn't. Read More , fill out feedback forms, choose where you bring your business. These are the sorts of things that will show organizations that security is important.

2. Understand that nothing online is private.

Sure, encrypted messaging 6 Secure iOS Messaging Apps That Take Privacy Very Seriously Don't fancy your messages being read by unwanted parties? Get a secure messaging app and worry no more. Read More will keep people from eavesdropping. Encrypted email How to Encrypt Your Gmail, Outlook, and Other Webmail Email accounts hold the keys to your personal information. Here's how to encrypt your Gmail,, and other mail accounts. Read More makes it nearly impossible for the NSA to read. But when you entrust your data to someone else, there’s a possibility that someday it will be made public.


Keep this in mind when you sign up for services like AdultFriendFinder or Penthouse How Online Porn is the Ultimate Privacy Nightmare Read More . If you still want to sign up, at least open up a new email address and use an anonymous, temporary credit card (like Vanilla Visa) for that purpose. Managing multiple email accounts can be a pain, but think of the alternative.

3. Choose strong passwords.

If your data is leaked, there are a few ways to minimize the damage. The first and best way is to choose unique passwords for all of your accounts. Anyone who gets hold of one of your passwords isn’t going to be able to do anything with it, because it won’t work on any other sites.


We’ve shown you all sorts of ways to come up with strong passwords. And using a tool like LastPass’s password generator (pictured above) will give you nearly-uncrackable passwords. The top 10 passwords from AdultFriendFinder were as follows:

  1. 123456
  2. 12345
  3. 123456789
  4. 12345678
  5. 1234567890
  6. 1234567
  7. password
  8. qwerty
  9. qwertyuiop
  10. 987654321

These ten passwords were in use by almost three million accounts, with “123456” making up over 900,000 of those. It’s embarrassing 7 Password Mistakes That Will Likely Get You Hacked The worst passwords of 2015 have been released, and they're quite worrying. But they show that it's absolutely critical to strengthen your weak passwords, with just a few simple tweaks. Read More .

Come On, People

Our entire lives are online, and in many cases, they’re protected by little more than a single password. The companies we entrust our data to aren’t doing a good job of protecting it. We’re putting too much faith in them, and we’re not putting in the effort to create backstops. This just shouldn’t be happening anymore.

Hackers are out there, and they’re not going to go away. In fact, they’re only going to use more sophisticated methods to wreak havoc. We need to start demanding better protection from providers, and we need to take steps to protect ourselves.

Have you been affected by this data breach? Even if you’re not, will you reconsider your personal online security because of it? Share your thoughts in the comments below!

Related topics: Online Dating, Security Breach.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Ol
    November 15, 2016 at 3:00 pm

    This is an eye opener for me.
    I've put my trust in encryption techniques especially when it's expected that such websites implement it correctly.
    Lately with Yahoo mail being hacked too, I just think that nothing is really secure online.
    What about our cloud data and all of that ? I might start thinking again on how/where I backup my stuff.
    I might be naïve but I really expected that it was the basics of online professionals to encrypt everything, every bit of stored data should highly be encrypted with latest known secure enough techniques/algorithms...should even be a law or something...

    • Dann Albright
      November 28, 2016 at 2:58 am

      Yeah, you'd think people would put better security measures in place, wouldn't you? It always amazes me when I find out that a large website has been storing things in plain text. There's just no reason for that. But yeah, I've started to worry about my own cloud data security. I don't have a whole lot in Dropbox or Google Drive, but my entire life has been backed up in Crashplan. They certainly seem like they've secured it well, but it's hard to have confidence in anyone anymore.