There are currently 2,520,549,324 / 3,109,103,084 accounts in our database.

Sexual secrets for hundreds of millions exposed in largest hack of 2016

November 13th, 2016

Table of Contents

Summary

Friend Finder Network Inc is a company that operates a wide range of 18+ services and was hacked in October of 2016 for over 400 million accounts representing 20 years of customer data which makes it by far the largest breach we have ever seen -- MySpace gets 2nd place at 360 million. This event also marks the second time Friend Finder has been breached in two years, the first being around May of 2015.


A list of sites we have verified, how many affected accounts and a brief description are as follows:

  • Adultfriendfinder.com
    • 339,774,493 users
    • "World's largest sex & swinger community"
  • Cams.com
    • 62,668,630 users
    • "Where adults meet models for sex chat live through webcams"
  • Penthouse.com
    • 7,176,877 users
    • Adult magazine akin to Playboy
  • Stripshow.com
    • 1,423,192 users
    • Another 18+ webcam site
  • iCams.com
    • 1,135,731 users
    • "Free Live Sex Cams"
  • Unknown domain
    • 35,372 users

Total: 412,214,295 affected users


How did it happen? They were hacked via a Local File Inclusion exploit and you can read more about the situation when it was initially reported from this link.


After much internal deliberation by the LeakedSource team and for various reasons, we have decided that this data set will not be searchable by the general public on our main page temporarily for the time being*.


*Due to these unique circumstances, understandably skeptical journalists can contact us for undeniable proof. Trust us but independently verify our claims.


Anyone may use any information on this page for free even commercially, provided LeakedSource is given prominent credit and a direct hyperlink back to this website. (Creative Commons License 4.0)

About Us

LeakedSource is a breach notification website that specializes in bringing hacking incidents to the public eye. To accomplish this we offer a freemium tool to see if your information has been affected by any hacks we know about. We also offer a proactive FREE notification service where if we find your email in a future hack, we'll tell you about it.


Sometimes when the incident is important enough, we analyze and blog about it. We also have a tool for businesses to automatically check to see if any of their own customers are reusing a password from a public hack over at our API. Companies can then force change passwords which completely irradicates credential stuffing attacks on their services saving them millions of dollars in customer support costs. It is important for us to state that we are publishers not hackers and you can read more about us on our FAQ. Now onto the details.

Deleted Users... maybe?

While perusing the data we noticed that a significant amount of users had an email in the format of: email@address.com@deleted1.com. Uh oh.


We've seen this situation many times before and it likely means these were users who tried to delete their account but the data is obviously still kept around because you know, we're looking at it. According to a reporter it is impossible to register an account using an email that's formatted this way which means the addition of "@deleted.com" was done behind the scenes by Adult Friend Finder. So counting the amount of emails with "@deleted" near the end, we have 15,766,727 "deleted" accounts in AdultFriendFinder.com.

Passwords

Passwords were stored by Friend Finder Network either in plain visible format or SHA1 hashed (peppered). Neither method is considered secure by any stretch of the imagination and furthermore, the hashed passwords seem to have been changed to all lowercase before storage which made them far easier to attack but means the credentials will be slightly less useful for malicious hackers to abuse in the real world.


At this time we also can't explain why many recently registered users still have their passwords stored in clear-text especially considering they were hacked once before, but here's the breakdown:

  • AdultFriendFinder.com
    • 103,070,536 passwords already plainly visible
    • 232,137,460 passwords hashed with SHA1
    • 99.3% of all passwords from this website are now plaintext (cracked).
  • Cams.com
    • 21,422,277 passwords already plainly visible
    • 41,209,412 passwords hashed with SHA1
    • 96.8% of all passwords from this website are now plaintext (cracked).
  • Penthouse.com
    • 495,720 passwords already plainly visible
    • 6,678,239 passwords hashed with SHA1
    • 99.9% of all passwords from this website are now plaintext (cracked).
  • Stripshow.com
    • 342,889 passwords already plainly visible
    • 1,080,303 passwords hashed with SHA1
    • 99.95% of all passwords from this website are now plaintext (cracked).
  • iCams.com
    • 272,409 passwords already plainly visible
    • 863,317 passwords hashed with SHA1
    • 99.96% of all passwords from this website are now plaintext (cracked).

Total: 99.0% of all available passwords are now visible in plaintext


We can then create a table of the most commonly used passwords from only the main AdultFriendFinder.com database which provides a reasonable sample of the kind of credentials in use. Hint: They're not good ones.


Rank Password Frequency
1 123456 900,420
2 12345 635,995
3 123456789 585,150
4 12345678 145,867
5 1234567890 133,414
6 1234567 112,956
7 password 101,046
8 qwerty 86,050
9 qwertyuiop 43,755
10 987654321 40,627
11 123123 39,614
12 111111 38,848
13 pussy 37,938
14 fuckme 36,008
15 asdfghjkl 35,021
16 000000 34,631
17 fuckyou 34,498
18 abc123 34,080
19 00000 33,796
20 11111 33,263
21 55555 31,524
22 54321 31,278
23 123452 30,111
24 654321 29,624
25 pwd1234 28,061
26 zxcvbnm 27,237
27 iloveyou 24,155
28 qwert 22,499
29 666666 21,629
30 asdfg 20,696
31 0123456789 20,485
32 azerty 19,700
33 0987654321 19,641
34 france 19,559
35 abcd1234 19,056
36 password1 18,677
37 fffff 18,461
38 112233 18,152
39 696969 18,150
40 123321 17,703
41 121212 17,302
42 asdfgh 16,400
43 football 16,080
44 12345678910 16,054
45 abcde 15,789
46 qwerty123 15,286
47 1qaz2wsx 14,885
48 123123123 14,691
49 pakistan 14,173
50 aaaaa 13,543
51 barcelona 13,170
52 fuckoff 12,977
53 bigdick 12,725
54 102030 12,564
55 asshole 12,512
56 7777777 12,280
57 baseball 12,213
58 qazwsx 12,181
59 liverpool 12,129
60 fucker 11,996
61 sexsex 11,956
62 fucking 11,924
63 987654 11,706
64 555555 11,680
65 aaaaaa 11,599
66 abcdef 11,599
67 daniel 11,541
68 0000000000 11,400
69 222222 11,271
70 carlos 11,256
71 superman 11,181
72 teamo 11,044
73 123654 11,032
74 159753 10,995
75 dragon 10,809

We've also hand selected a bunch of the longest real passwords we've managed to crack, obtained from all websites.


Password Length
pussy.passwordLimitExceeded:07/1 32
gladiatoreetjaimelesexetjaimefum 32
antidisestablishmentarianism 28
pussypussymoneymoneyweedweed 28
1234tellmethatyoulovememore 27
ifyourreadingthisitstoolate 27
12bucklemyshoe34shutthedoor 27
iloveyousomuchdarling123456 27
fuck her right in the pussy 27
killerklownzfromouterspace 26
sexisthesecretofmyenergy 24
thingsyouseeinagraveyard 24
schrodingersfavouritecat 24
mypussyiswetterthanyours 24
dontthinkaboutitchelsea 23
cunninglinguistbackdoor 23
primeministerismanmohan 23
iwilleatyourpussyright 22
who the fuck is alice? 22
protopopicitorescovici 22
youwillneverwalkalone 21
needledickthebugfucer 21
myboyfriendsadickhead 21
ilovemanchesterunited 21
hotsexgirlscomemyway 20
ratsliveonnoevilstar 20
ilovebigdickintheass 20
southafricanmolerat 19
moneyhungrybitches 18
ifuckinghateshayne 18
bigfloppydonkydick 18
werwolfremuslupin 17
kuntwhorebitch123 17
elephantintheroom 17
godstimeisthebest 17
brazilianfartporn 17
carlosfromcancun 16

Emails

Usually people ask us how many .gov and .mil emails exist on sites like this which is easy enough to check. There are 5,650 .gov registered emails on all websites combined and 78,301 .mil emails.


We can also generate a simple table of top email providers used, from AdultFriendFinder.com only. If you review all of our blogs it's easy to see the heavy usage of Yahoo and Hotmail addresses in companies that are older than 2004, the year Gmail was created.


Rank Email Domain Frequency
1 @hotmail.com 96,487,200
2 @yahoo.com 74,563,930
3 @gmail.com 61,754,102
4 @aol.com 9,086,506
5 @hotmail.fr 5,640,471
6 @live.com 4,324,630
7 @yahoo.fr 3,301,523
8 @yahoo.com.tw 3,026,680
9 @hotmail.co.uk 2,814,063
10 @ymail.com 2,642,879
11 @msn.com 2,222,420
12 @breakthru.com 2,215,865
13 @rediffmail.com 2,076,126
14 @live.fr 1,862,694
15 @yahoo.co.in 1,852,173
16 @yahoo.co.uk 1,731,497
17 @yahoo.com.br 1,709,304
18 @hotmail.es 1,680,818
19 @hotmail.it 1,666,715
20 @libero.it 1,379,122
21 @web.de 1,242,285
22 @yahoo.in 1,234,240
23 @outlook.com 1,225,885
24 @yahoo.es 1,204,253
25 @rocketmail.com 1,084,346
26 @comcast.net 978,480
27 @bol.com.br 900,003
28 @gmx.de 852,200
29 @yahoo.com.mx 784,632
30 @yahoo.it 683,752
31 @mail.com 675,590
32 @live.co.uk 646,636
33 @live.com.mx 644,434
34 @hotmail.de 630,410
35 @yahoo.co.id 580,495
36 @yahoo.ca 579,302
37 @yahoo.de 578,757
38 @sbcglobal.net 573,936
39 @orange.fr 563,015
40 @live.it 560,782
41 @ig.com.br 523,142
42 @googlemail.com 510,939
43 @aim.com 497,700
44 @yahoo.com.ar 464,441
45 @abv.bg 418,401
46 @att.net 415,071
47 @alice.it 395,113
48 @yahoo.com.hk 380,777
49 @yahoo.com.au 370,662
50 @hotmail.com.br 346,287
51 @verizon.net 341,630
52 @live.ca 318,949
53 @hotmail.com.ar 292,864
54 @excite.com 287,164
55 @laposte.net 280,167
56 @btinternet.com 279,092
57 @virgilio.it 269,784
58 @wanadoo.fr 268,126
59 @bellsouth.net 268,070
60 @email.com 265,114
61 @icloud.com 264,224
62 @yahoo.com.cn 261,927
63 @facebook.com 260,584
64 @cox.net 260,106
65 @windowslive.com 259,254
66 @tiscali.it 257,141
67 @live.nl 256,422
68 @free.fr 255,041
69 @freenet.de 254,195
70 @seznam.cz 249,557
71 @gmx.net 248,765
72 @o2.pl 232,689
73 @earthlink.net 229,113
74 @t-online.de 224,136
75 @yahoo.com.vn 215,779
76 @latinmail.com 212,064
77 @live.com.ar 210,307
78 @hotmail.ca 204,783
79 @live.com.au 201,867
80 @yahoo.co.jp 195,025
81 @me.com 194,905
82 @yahoo.gr 186,611
83 @gmx.at 181,420
84 @yahoo.com.sg 174,536
85 @live.cl 169,410
86 @netscape.net 167,281
87 @juno.com 164,607
88 @freemail.hu 162,510
89 @gmx.com 160,957
90 @charter.net 154,978
91 @live.de 152,999
92 @uol.com.br 152,498
93 @ovi.com 148,861
94 @live.com.pt 145,438
95 @voila.fr 144,744
96 @bigpond.com 144,575
97 @sapo.pt 141,379
98 @yahoo.com.ph 140,006
99 @terra.com.br 138,174
100 @inbox.lv 133,504

Languages

What are the main languages (where available) spoken by FFN users?


Rank Language Frequency
1 english 248,986,884
2 spanish 63,602,761
3 portuguese 29,827,490
4 french 23,313,262
5 chinese 10,384,967
6 italian 8,730,620
7 german 8,308,691
8 dutch 3,870,729
9 tagalog 2,282,025
10 swedish 1,266,684
11 japanese 651,506
12 korean 281,388

Site Growth and Usage

Sometimes when join dates and last visit dates are available, we can see how popular a website truly is.


AdultFriendFinder.com - Number of users who visited the site in this year, but never came back afterwards.


The last number, 6 million in 2016 would represent the known total amount of users who visited the site in 2016.


Year Members who never returned after this year
UNKNOWN 81,567,099
1997 36
1998 154
1999 10,166
2000 1,896
2001 93,127
2002 81,170
2003 826,403
2004 1,506,632
2005 699,309
2006 337,792
2007 2,542,016
2008 2,483,046
2009 11,449,232
2010 22,745,563
2011 39,986,839
2012 31,039,071
2013 53,186,359
2014 67,677,193
2015 17,487,269
2016 6,054,113

Cams.com - How many new people registered in each year?


Year New Members
1998 103
1999 733
2000 636
2001 1,664
2002 8,288
2003 12,783
2004 17,067
2005 184,480
2006 828,922
2007 6,409,584
2008 8,853,411
2009 7,038,754
2010 7,097,596
2011 5,938,875
2012 6,896,421
2013 6,354,311
2014 5,588,085
2015 4,703,541
2016 2,700,272

We can also determine how many Cams.com users joined and never returned to the site (register date = last visit date). That number is 1,084,686 out of 62.6 million which is addmitedly quite impressive on their end, most of the users that come to the site actually use it.


Penthouse.com - How many new people registered in each year?


Data seems to end during the 2014 year, we're not sure why.


Year New Members
1997 194
1998 1,325
1999 1,790
2000 349
2001 780
2002 1,926
2003 2,552
2004 5,330
2005 238,299
2006 142,855
2007 117,548
2008 1,248,557
2009 712,008
2010 1,315,626
2011 1,608,557
2012 1,113,536
2013 604,809
2014 60,708

Database Schemas

Provided below are the table schemas for (in order), AdultFriendFinder.com, Cams.com, Penthouse.com. These are mostly of interest to IT professionals