World's Fourth Largest Data Breach

Disclaimer

We Leak Info did not take any part in breaching this website. Furthermore, we do not know the individual(s) who breached this website.

We Leak Info does not sell or trade databases. Please do not contact us about acquiring this data from us. We will ignore such requests.

We Leak Info does not give out information about our donors. We take the privacy of our users very seriously.

Journalists, researchers, news outlets, law enforcement, and alike can contact us through the methods listed below.

Anyone may use and cite any information on this page as long as proper credit is given to We Leak Info and a link is provided to the website.

Contact Methods:


Introduction

On January 18, 2018, we acquired the Adult Friend Finder database breached in 2016. The database was donated to We Leak Info by an anonymous donor. Adult Friend Finder, "The World’s Largest Sex & Swinger Community", is a popular online dating website. Adult Friend Finder was also breached in 2015 with over 3.5 million records. This is the third biggest data breach available on We Leak Info, falling shortly before Netease (126.com & 163.com) at 288 million records.


What is We Leak Info?

We Leak Info is the world's fastest and largest data breach search engine. We help individuals secure themselves online by allowing them to verify if their password or email has been leaked. Unlike similar sites such as Have I Been Pwned, We Leak Info allows the user to view the raw results from the database.

We Leak Info is a freemium tool and provides free searches to everyone without registration. However, we require a small payment to view the raw results of a search. This goes towards maintaining expensive server fees and improving the service. Being the fastest data breach search engine on the market, each search takes a fraction of a milliseconds. We currently hold over 8 billion records.


Versions

The complete data breach for Adult Friend Finder includes Adultfriendfinder.com, Cams.com, Penthouse.com, Stripshow.com, iCams.com, and another unknown website. Unfortunately, we only received the data from Adultfriendfinder.com.

Supposedly the version we were given is the final parsed version that was imported into LeakedSource back in 2016. The final record count for our version is 240,000,230 records. The missing 99 million records are believed to be bot accounts that were taken out by LeakedSource when they parsed the database back in 2016.


Bot Accounts

It is a known fact that online dating websites such as Adult Friend Finder creates bot accounts to falsify matches for users. In Adult Friend Finder's case, 99 million accounts turned out to be bot accounts. The version we had did not include any of the bot accounts since LeakedSoruce themselves noticed this and removed the bot account entries.


Deleted Accounts

Some of the accounts had the prefix "rm_" in usernames or had "@deleted.com" and "@deleted1.com" in the email domain. This indicates a removed account in the database. We also noticed that the number after the "@deleted" increases. The highest number we found was 899.

We utilized regex to remove the "rm_" and "@deleted.com" portions from entries. So when you query the Adult Friend Finder database on We Leak Info, you will not see the removed extension.

We did this in order to keep the records "clean" and not to confuse our users to why the extensions were present. We believe that this does not in any way affect the validity of the data.


Passwords

Passwords in the Adult Friend Finder database are either plain text or encrypted with the SHA1 hashing algorithm. However, when our team analysed the database, we attempted to crack the hashes and noticed a pattern. Adult Friend Finder added the word "blib" at the end of every password in order to make it more difficult for attackers to decrypt the hash.

Due to the nature of this, our regular hash API, which relies on several other services, was not able to decrypt the Adult Friend Finder hashes. In response to this, our team is currently running 4 machines to decrypt all the hashes in the Adult Friend Finder database with a modified word list. Clear text passwords will be entered into We Leak Info in a few days!

Update: Our hash API is able to decrypt these hashes now. Click "Crack Hash" in the search result box.


Conclusion

Adult Friend Finder is a devastating breach for some. However, it goes to show how severe a data breach can be. In the following days or weeks, We Leak Info is looking to publish 2 undisclosed data breaches. We hope that this and future disclosures will serve as a wake up calls to companies, around the world, to take security seriously.