(Reuters) – Login credentials for over 412 million users of adult websites run by California-based FriendFinder Networks Inc. were compromised last month in the largest hack of 2016, according to breach notification website LeakedSource.com.
Compromised data includes nearly 340 million credentials for Adultfriendfinder.com, which bills itself as “the world’s largest sex and swinger community,” some 63 million records from video sex-chat site cams.com and about 7 million records from adult magazine site Penthouse.com, LeakedSource said in a blog published on Sunday.
Representatives of FriendFinder Networks, one of the world’s biggest adult website operators, could not be reached for comment on Monday.
If confirmed, the number of email addresses would account for more than 10 times the number exposed in last year’s high-profile hack of infidelity website Ashley Madison. That attack prompted class action lawsuits and an investigation by the U.S. Federal Trade Commission.
Technology website ZDnet reported that FriendFinder Vice President and Senior Counsel Diana Ballou declined to confirm there had been a breach. It cited her as saying the company had sought outside help to investigate reports about potential security vulnerabilities that it had received over the past several weeks.
“While a number of these claims proved to be false extortion attempts, we did identify and fix a vulnerability that was related to the ability to access source code through an injection vulnerability,” ZDnet quoted Ballou as saying.
LeakedSource said it was able to view passwords for 99 percent of the credentials.
It said that some 78,301 of the accounts were registered to .mil email addresses, which are used by the U.S. military, and another 5,650 were .gov addresses used by U.S. government agencies.