The 2015 hack of FriendFinder Networks Inc.’s adult dating site has been surpassed by a new hack in October this year that has exposed a far larger number of user details, including those of members on other sites owned by the parent company.

According to LeakedSource, a site that specializes in tracking and detailing hacked databases, a staggering 412 million account details from Adult FriendFinder and other sites have appeared on the dark web. Worse, some 99 percent of those accounts include passwords stored in plain text or SHA1 hashed, the latter being easy to hack.

The FriendFinder Networks sites hacked by the numbers, including the percentage of passwords that are available in plain text (either originally or since cracked)

• Adult FriendFinder: 339,774,493 users with 99.3 percent of passwords in plain text
• Cams.com: 62,668,630 users with 96.8 percent of all passwords in plain text
• Penthouse.com: 7,176,877 users with 99.9 percent of all passwords in plain text
• Stripshow.com: 1,423,192 users with 99.5 percent of all passwords in plain text
• iCams.com: 1,135,731 users with 99.96 percent of all passwords in plain text

The data also included 15 million records for accounts that had been deleted.

The only fortunate part of the hack is that LeakedSource at this time has decided not to publish the details of the database for search, meaning that members of these services won’t be exposed anytime soon, at least until others get their hands on the database.

ZDNet managed to confirm that the data was legitimate, but unlike the previous hack did not include sexual preference data and was restricted instead to username, password, browser information, IP address, VIP status and email address.

Not confirmed

FriendFinder Networks has not confirmed that the breach has taken place, but instead confirmed in a statement that they were aware of security issues. “Over the past several weeks, FriendFinder has received a number of reports regarding potential security vulnerabilities from a variety of sources. Immediately upon learning this information, we took several steps to review the situation and bring in the right external partners to support our investigation,” a statement read. “While a number of these claims proved to be false extortion attempts, we did identify and fix a vulnerability that was related to the ability to access source code through an injection vulnerability.”

The Friendfinder Networks hack is now one of the largest hacks in history, beaten only by the possible 427 million accounts hacked from MySpace and the 500 million to up to 3 billion account details hacked from Yahoo Inc.

Image credit: 74568665@N03/Flickr/CC by 2.0