Like all sectors -- government, retail, finance and healthcare -- the adult and porn businesses are feeling the consequences of not making security a priority, in the worst possible ways. Take for example this week's breach-bloodbath, in which Friend Finder Networks (FFN) lost their Sourcefire code to criminal hackers and put their users at serious risk. Combined with Ashley Madison's many deceits, FFN also contributed to the deepening public mistrust about the very sensitive data exchange between adult companies and their consumers. Suffice to say, federal employees are in the category of pervs who need to make sure they aren't reusing any of those bad passwords on other accounts. As we discovered from files exposed in the Ashley Madison breach, Friend Finder wasn't removing profiles that users believed to have been closed or removed.
Adult Friend Finder's acquisition by Penthouse was the subject of a 2007 lawsuit by Broadstream Capital Partners, a merchant bank that assists with mergers, alleging Penthouse breached a 2006 contract by purchasing the company without obtaining Broadstream's consent, a claim Penthouse denies.
On November 13, 2016, it was reported that a database of usernames, e-mails, and passwords had been breached and leaked from Adult Friend Finder and other Friend Finder Networks websites. Making it worse than a typical security fail is what's in the data. The snatched records contain usernames, email addresses and passwords -- nearly all of which are visible in plain text.
For context on just how big this breach is, the Ashley Madison hack affected 32 million people.
Stolen Friend Finder Networks files show that 78,301 accounts used a email address, 5,650 used a email. reports addresses associated with the British government include seven email addresses, 1,119 from the Ministry of Defence, 12 from Parliament, 54 UK police email addresses, 437 NHS ones and 2,028 from schools.
Leaked Source said "this data set will not be searchable by the general public on our main page temporarily for the time being." But as infosec blog put it, "The point is, these records exist in multiple places online. They're being sold or shared with anyone who might have an interest in them."
That's more users than Twitter and a third of Facebook's global membership. The company also kept logins for a site they don’t even run anymore (Friend Finder sold to Penthouse Global Media in February). Friend Finder also retained email and passwords for over 15 million people who had deleted their accounts.
The breach included 300 million Adult Friend Finder user accounts, including account data for 15 million accounts that had supposedly been "deleted". The passwords had not been encrypted at all, or encrypted with the obsolete and insecure SHA-1. More than 900,000 accounts used the password "123456," 101,046 used "password," tens of thousands used words like "pussy" and "fuckme" -- which we suppose is exactly what Friend Finder did to the user by storing their passwords so recklessly. But wait, there's more embarrassment to be had by all.