Companies need to start putting in measures to stop these passwords being used.We have the lists, they have the lists, it’s a simple lookup. is investigating reports that data from more than 412 million user accounts was stolen from five of the company’s online-dating, sex-chat and pornography sites.The stolen data includes 20 years of customer email addresses and passwords, according to Leaked Source.com, an anonymously run website that sells access to stolen records.
Others may be duplicates or created by automated programs known as “bots.” Leaked Source said most of the records, 340 million, were taken from Adult Friend Finder.com, which facilitates casual relationships.In this case verification has shown that some data is stored in clear text while passwords are encrypted with SHA-1 (not enough to thwart today’s adversaries).Unfortunately penetration testing or application security scanning can offer almost no insight into how data is stored or processed inside an organisations applications and data stores. It enables organisations to see how their data is managed by systems and more importantly whether it is encrypted and whether that encryption level is satisfactory.” Justine Cross, Regional Director at “The public has long since run out of patience for companies that fail to protect their data, and the Friendfinder Network is just the latest example proving that businesses must take a new stance to keep information in their care safe.With the previous attacks we have seen on these types of websites you would have expected the password storage security to have been increased but sadly this is not the case here.The methods used were considered poor practise by some and terrible by others.In February, Friend Finder Networks said Adult Friend Finder had more than 60 million users.Data was also stolen from Penthouse.com, Cams.com, Stripshow.com, and i Cams.com, according to Leaked Source. Also popular on WSJ.com: RNC Chair Reince Priebus is named Donald Trump’s chief of staff.With this in place, even if data is stolen it will be much more difficult for criminals to make use of it.While it's the largest data breaches that grab our attention, even smaller information security failures can have a big impact on a business, reducing its credibility, turning off current and potential clients, and making individuals far more vulnerable to fraud and identity theft.Not only were passwords stored with trivial protection, but accounts that users had deleted, appeared to not have been deleted at all.The impact from sites such as Adult Friend Finder could be as significant as the Ashley Madison breach which had reports of suicides as a direct result of the breaches.