There are currently 5,031,480,824 accounts in our database (05/15).

We have added statistics to our Leaked Sites section of the website.

We apologize for the down time. Our search engine is backup and working. We have provided everyone a free 7 day subscription.

Sexual secrets for hundreds of millions exposed in largest hack of 2016

November 13th, 2016

Table of Contents

Summary

Friend Finder Network Inc is a company that operates a wide range of 18+ services and was hacked in October of 2016 for over 400 million accounts representing 20 years of customer data which makes it by far the largest breach we have ever seen -- MySpace gets 2nd place at 360 million. This event also marks the second time Friend Finder has been breached in two years, the first being around May of 2015.


A list of sites we have verified, how many affected accounts and a brief description are as follows:

  • Adultfriendfinder.com
    • 339,774,493 users
    • "World's largest sex & swinger community"
  • Cams.com
    • 62,668,630 users
    • "Where adults meet models for sex chat live through webcams"
  • Penthouse.com
    • 7,176,877 users
    • Adult magazine akin to Playboy
  • Stripshow.com
    • 1,423,192 users
    • Another 18+ webcam site
  • iCams.com
    • 1,135,731 users
    • "Free Live Sex Cams"
  • Unknown domain
    • 35,372 users

Total: 412,214,295 affected users


How did it happen? They were hacked via a Local File Inclusion exploit and you can read more about the situation when it was initially reported fromthis link.


After much internal deliberation by the LeakedSource team and for various reasons, we have decided that this data set will not be searchable by the general public on our main page temporarily for the time being*.


*Due to these unique circumstances, understandably skeptical journalists can contact us for undeniable proof. Trust us but independently verify our claims.


Anyone may use any information on this page for free even commercially, provided LeakedSource is given prominent credit and a direct hyperlink back to this website. (Creative Commons License 4.0)

About Us

LeakedSource is a breach notification website that specializes in bringing hacking incidents to the public eye. To accomplish this we offer a freemium tool to see if your information has been affected by any hacks we know about.We also offer a proactive FREE notification service where if we find your email in a future hack, we'll tell you about it.


Sometimes when the incident is important enough, we analyze and blog about it. We also have a tool for businesses to automatically check to see if any of their own customers are reusing a password from a public hack over at our API. Companies can then force change passwords which completely irradicates credential stuffing attacks on their services saving them millions of dollars in customer support costs. It is important for us to state that we are publishers not hackers and you can read more about us on our FAQ. Now onto the details.

Deleted Users... maybe?

While perusing the data we noticed that a significant amount of users had an email in the format of: [email protected]@deleted1.com. Uh oh.


We've seen this situation many times before and it likely means these were users who tried to delete their account but the data is obviously still kept around because you know, we're looking at it. According to a reporter it is impossible to register an account using an email that's formatted this way which means the addition of "@deleted.com" was done behind the scenes by Adult Friend Finder. So counting the amount of emails with "@deleted" near the end, we have 15,766,727 "deleted" accounts in AdultFriendFinder.com.

Passwords

Passwords were stored by Friend Finder Network either in plain visible format or SHA1 hashed (peppered). Neither method is considered secure by any stretch of the imagination and furthermore, the hashed passwords seem to have been changed to all lowercase before storage which made them far easier to attack but means the credentials will be slightly less useful for malicious hackers to abuse in the real world.


At this time we also can't explain why many recently registered users still have their passwords stored in clear-text especially considering they were hacked once before, but here's the breakdown:

  • AdultFriendFinder.com
    • 103,070,536 passwords already plainly visible
    • 232,137,460 passwords hashed with SHA1
    • 99.3% of all passwords from this website are now plaintext (cracked).
  • Cams.com
    • 21,422,277 passwords already plainly visible
    • 41,209,412 passwords hashed with SHA1
    • 96.8% of all passwords from this website are now plaintext (cracked).
  • Penthouse.com
    • 495,720 passwords already plainly visible
    • 6,678,239 passwords hashed with SHA1
    • 99.9% of all passwords from this website are now plaintext (cracked).
  • Stripshow.com
    • 342,889 passwords already plainly visible
    • 1,080,303 passwords hashed with SHA1
    • 99.95% of all passwords from this website are now plaintext (cracked).
  • iCams.com
    • 272,409 passwords already plainly visible
    • 863,317 passwords hashed with SHA1
    • 99.96% of all passwords from this website are now plaintext (cracked).

Total: 99.0% of all available passwords are now visible in plaintext


We can then create a table of the most commonly used passwords from only the main AdultFriendFinder.com database which provides a reasonable sample of the kind of credentials in use. Hint: They're not good ones.


RankPasswordFrequency
1123456900,420
212345635,995
3123456789585,150
412345678145,867
51234567890133,414
61234567112,956
7password101,046
8qwerty86,050
9qwertyuiop43,755
1098765432140,627
1112312339,614
1211111138,848
13pussy37,938
14fuckme36,008
15asdfghjkl35,021
1600000034,631
17fuckyou34,498
18abc12334,080
190000033,796
201111133,263
215555531,524
225432131,278
2312345230,111
2465432129,624
25pwd123428,061
26zxcvbnm27,237
27iloveyou24,155
28qwert22,499
2966666621,629
30asdfg20,696
31012345678920,485
32azerty19,700
33098765432119,641
34france19,559
35abcd123419,056
36password118,677
37fffff18,461
3811223318,152
3969696918,150
4012332117,703
4112121217,302
42asdfgh16,400
43football16,080
441234567891016,054
45abcde15,789
46qwerty12315,286
471qaz2wsx14,885
4812312312314,691
49pakistan14,173
50aaaaa13,543
51barcelona13,170
52fuckoff12,977
53bigdick12,725
5410203012,564
55asshole12,512
56777777712,280
57baseball12,213
58qazwsx12,181
59liverpool12,129
60fucker11,996
61sexsex11,956
62fucking11,924
6398765411,706
6455555511,680
65aaaaaa11,599
66abcdef11,599
67daniel11,541
68000000000011,400
6922222211,271
70carlos11,256
71superman11,181
72teamo11,044
7312365411,032
7415975310,995
75dragon10,809

We've also hand selected a bunch of the longest real passwords we've managed to crack, obtained from all websites.


PasswordLength
pussy.passwordLimitExceeded:07/1 32
gladiatoreetjaimelesexetjaimefum32
antidisestablishmentarianism28
pussypussymoneymoneyweedweed28
1234tellmethatyoulovememore27
ifyourreadingthisitstoolate27
12bucklemyshoe34shutthedoor27
iloveyousomuchdarling12345627
fuck her right in the pussy 27
killerklownzfromouterspace26
sexisthesecretofmyenergy24
thingsyouseeinagraveyard24
schrodingersfavouritecat24
mypussyiswetterthanyours24
dontthinkaboutitchelsea23
cunninglinguistbackdoor23
primeministerismanmohan23
iwilleatyourpussyright22
who the fuck is alice? 22
protopopicitorescovici22
youwillneverwalkalone21
needledickthebugfucer21
myboyfriendsadickhead21
ilovemanchesterunited21
hotsexgirlscomemyway20
ratsliveonnoevilstar20
ilovebigdickintheass20
southafricanmolerat19
moneyhungrybitches18
ifuckinghateshayne18
bigfloppydonkydick18
werwolfremuslupin17
kuntwhorebitch12317
elephantintheroom17
godstimeisthebest17
brazilianfartporn17
carlosfromcancun16

Emails

Usually people ask us how many .gov and .mil emails exist on sites like this which is easy enough to check. There are 5,650 .gov registered emails on all websites combined and 78,301 .mil emails.


We can also generate a simple table of top email providers used, from AdultFriendFinder.com only. If you review all of our blogs it's easy to see the heavy usage of Yahoo and Hotmail addresses in companies that are older than 2004, the year Gmail was created.


RankEmail DomainFrequency
1@hotmail.com96,487,200
2@yahoo.com74,563,930
3@gmail.com61,754,102
4@aol.com9,086,506
5@hotmail.fr5,640,471
6@live.com4,324,630
7@yahoo.fr3,301,523
8@yahoo.com.tw3,026,680
9@hotmail.co.uk2,814,063
10@ymail.com2,642,879
11@msn.com2,222,420
12@breakthru.com2,215,865
13@rediffmail.com2,076,126
14@live.fr1,862,694
15@yahoo.co.in1,852,173
16@yahoo.co.uk1,731,497
17@yahoo.com.br1,709,304
18@hotmail.es1,680,818
19@hotmail.it1,666,715
20@libero.it1,379,122
21@web.de1,242,285
22@yahoo.in1,234,240
23@outlook.com1,225,885
24@yahoo.es1,204,253
25@rocketmail.com1,084,346
26@comcast.net978,480
27@bol.com.br900,003
28@gmx.de852,200
29@yahoo.com.mx784,632
30@yahoo.it683,752
31@mail.com675,590
32@live.co.uk646,636
33@live.com.mx644,434
34@hotmail.de630,410
35@yahoo.co.id580,495
36@yahoo.ca579,302
37@yahoo.de578,757
38@sbcglobal.net573,936
39@orange.fr563,015
40@live.it560,782
41@ig.com.br523,142
42@googlemail.com510,939
43@aim.com497,700
44@yahoo.com.ar464,441
45@abv.bg418,401
46@att.net415,071
47@alice.it395,113
48@yahoo.com.hk380,777
49@yahoo.com.au370,662
50@hotmail.com.br346,287
51@verizon.net341,630
52@live.ca318,949
53@hotmail.com.ar292,864
54@excite.com287,164
55@laposte.net280,167
56@btinternet.com279,092
57@virgilio.it269,784
58@wanadoo.fr268,126
59@bellsouth.net268,070
60@email.com265,114
61@icloud.com264,224
62@yahoo.com.cn261,927
63@facebook.com260,584
64@cox.net260,106
65@windowslive.com259,254
66@tiscali.it257,141
67@live.nl256,422
68@free.fr255,041
69@freenet.de254,195
70@seznam.cz249,557
71@gmx.net248,765
72@o2.pl232,689
73@earthlink.net229,113
74@t-online.de 224,136
75@yahoo.com.vn215,779
76@latinmail.com212,064
77@live.com.ar210,307
78@hotmail.ca204,783
79@live.com.au201,867
80@yahoo.co.jp195,025
81@me.com194,905
82@yahoo.gr186,611
83@gmx.at181,420
84@yahoo.com.sg174,536
85@live.cl169,410
86@netscape.net167,281
87@juno.com164,607
88@freemail.hu162,510
89@gmx.com160,957
90@charter.net154,978
91@live.de152,999
92@uol.com.br152,498
93@ovi.com148,861
94@live.com.pt145,438
95@voila.fr144,744
96@bigpond.com144,575
97@sapo.pt141,379
98@yahoo.com.ph140,006
99@terra.com.br138,174
100@inbox.lv133,504

Languages

What are the main languages (where available) spoken by FFN users?


RankLanguageFrequency
1english248,986,884
2spanish63,602,761
3portuguese29,827,490
4french23,313,262
5chinese10,384,967
6italian8,730,620
7german8,308,691
8dutch3,870,729
9tagalog2,282,025
10swedish1,266,684
11japanese651,506
12korean281,388

Site Growth and Usage

Sometimes when join dates and last visit dates are available, we can see how popular a website truly is.


AdultFriendFinder.com - Number of users who visited the site in this year, but never came back afterwards.


The last number, 6 million in 2016 would represent the known total amount of users who visited the site in 2016.


YearMembers who never returned after this year
UNKNOWN81,567,099
199736
1998154
199910,166
20001,896
200193,127
200281,170
2003826,403
20041,506,632
2005699,309
2006337,792
20072,542,016
20082,483,046
200911,449,232
201022,745,563
201139,986,839
201231,039,071
201353,186,359
201467,677,193
201517,487,269
20166,054,113

Cams.com - How many new people registered in each year?


YearNew Members
1998103
1999733
2000636
20011,664
20028,288
200312,783
200417,067
2005184,480
2006828,922
20076,409,584
20088,853,411
20097,038,754
20107,097,596
20115,938,875
20126,896,421
20136,354,311
20145,588,085
20154,703,541
20162,700,272

We can also determine how many Cams.com users joined and never returned to the site (register date = last visit date). That number is 1,084,686 out of 62.6 million which is addmitedly quite impressive on their end, most of the users that come to the site actually use it.


Penthouse.com - How many new people registered in each year?


Data seems to end during the 2014 year, we're not sure why.


YearNew Members
1997194
19981,325
19991,790
2000349
2001780
20021,926
20032,552
20045,330
2005238,299
2006142,855
2007117,548
20081,248,557
2009712,008
20101,315,626
20111,608,557
20121,113,536
2013604,809
201460,708

Database Schemas

Provided below are the table schemas for (in order), AdultFriendFinder.com, Cams.com, Penthouse.com. These are mostly of interest to IT professionals




Follow @LeakedDatabase