The database did not include detailed information like analogue Ashley Madison did, but it still could be used to confirm whether a person had signed up for the service.
AdultFriendFinder presents itself as the world’s largest internet community for swinging and sex. Its other sub-sites include Cams.com, Penthouse.com, Stripshow.com, iCams.com and others, with a total of 412 million accounts. LeakedSource called the breach “by far the largest breach we have ever seen.”
Analysts suggest that the breach was possible because users passwords were encrypted using the unsecure method of SHA1-hashing.
As it turns out, the most popular password was “123456.” It was used by almost a million visitors. The password “12345” was used more than 635 thousand times, and “123456789,” more than 585 thousand times. The longest password was "pussy.passwordLimitExceeded:07/1."
Other popular non-numeric passwords included words related to sex and country names.
Among the e-mail domains used for account registration there were 5,650 governmental addresses from American government domain “.gov,” and 78,301 thousand addresses from the defense domain “.mil”. In the top-100 domains there was not one using the Russian “.ru,” however, there were 61 million Gmail addresses.
This is the second breach of AdultFriendFinder in 1.5 years. In 2015 information about 3,9 million users’ sexual preferences was leaked from the site.
The leak is massively larger than the Ashley Madison hack that exposed 32 million accounts in August 2015. On the other hand, the Ashley Madison breach was more sensitive because the site kept intimate information such as users' sexual preferences, fetishes, fantasies, etc. Moreover, before Ashley Madison was hacked, it had been warned that its data could end up online if it did not shut down operations.