The breach took place in October, and if the estimate is correct, it is one of the largest data breaches in history. Exposed user data includes twenty years of email addresses, login dates, passwords, browser information, and IP addresses, the Independent reports. Previously deleted user accounts are included in the hack.
“The leaked database also includes 16 million deleted accounts, 78,301 US military and 5,650 US government email addresses,” ZDNet reports.
In 2015, the hook-up website Ashley Madison was the target of a massive data breach of what the company claimed was some 40 million users, although subsequent investigation revealed that many of the accounts were faked by the website to boost numbers. Though less users were affected by that hack, those who were had far more information exposed — from sexual preferences to photos and addresses.
Following the information in the Ashley Madison hack being made public, many fell victim to attempted blackmail schemes, and this breach has the potential for a similar result.
“Over the past several weeks, FriendFinder has received a number of reports regarding potential security vulnerabilities from a variety of sources. Immediately upon learning this information, we took several steps to review the situation and bring in the right external partners to support our investigation," Diana Ballou, vice president and senior counsel at Friend Finders Networks, told ZDNet.
"While a number of these claims proved to be false extortion attempts, we did identify and fix a vulnerability that was related to the ability to access source code through an injection vulnerability," she stated. "FriendFinder takes the security of its customer information seriously and will provide further updates as our investigation continues.”
FriendFinder was previously hacked in May 2015, and the data of some 3.9 million users was released online.