For the last time, “123456” is not an okay password, people.
The sex and dating site AdultFriendFinder has been hacked for the second time, according to the breach notification website LeakedSource, and the world’s truly lousy password habits have again been exposed in the process.
The breach reportedly occurred in October, with more than 400 million accounts from over two decades now leaked. In addition to Adultfriendfinder.com, user information from sites like Stripshow.com and Penthouse.com was also dumped online.
The California-based Friend Finder Networks, AdultFriendFinder’s parent company, claims that 700 million people engage with at least one of their sites. User data from its property Cam.com, “one of the largest providers of live model webcams in the world,” was also included in the hack.
Unsurprisingly, the passwords revealed in the latest data haul are terrible.
The top three most used passwords? “123456,” “12345” and “123456789.” You have to go through the list to number 13 until you find the slightly more original but still spectacularly useless “pussy.”
LeakedSource also selected some of the longest real passwords it managed to find. Random sample: “schrodingersfavouritecat,” “ilovemanchesterunited” and “carlosfromcancun.”
Echoing the AshleyMadison saga of 2015, it seems around 15,766,727 AdultFriendFinder deleted accounts were not in fact deleted. In the affair site’s case, the passwords were similarly dumb.
A large amount of the passwords were also insecurely stored in clear-text by the site — an unacceptable move, as LeakedSource pointed out, given the site already went through a significant hack in 2015.
The personal data of nearly 4 million users was exposed in May 2015, including IP addresses, birth dates, usernames and even sexual orientation.
ZDNet obtained a potion of the most recently hacked database to verify, and found it did not appear to contain sexual preference information.
Friend Finder Networks confirmed the site’s security vulnerabilities to the publication, but did not explicitly state the hack had occurred.
“Over the past several weeks, FriendFinder has received a number of reports regarding potential security vulnerabilities from a variety of sources,” Diana Ballou, vice president and senior counsel, told ZDNet.
“Immediately upon learning this information, we took several steps to review the situation and bring in the right external partners to support our investigation.”