Adult Friend Finder Hack Will Lead to 'Domino Effect'

Adult Friendfinder hack accounts email
The details of up to 412 million people have been exposed following a hack of the "sex hookup" website AdultFriendFinder. ScreenGrab/ AdultFriendFinder

A major data breach to the "sex and swingers" website Adult Friend Finder could trigger a series of follow-on hacks, security researchers have warned.

Up to 412 million accounts have been compromised, according to monitoring firm Leaked Source, exposing the personal details of the site's users. If confirmed, the breach would be largest known breach of personal data this year.

It is the second time in as many years that Adult Friend Finder has been hacked, following 3.5 million user records being exposed in May 2015. Data reportedly breached in the latest hack includes email addresses, passwords, IP addresses and site membership status.

If Adult Friend Finder users have the same password for multiple sites and online services, criminals could use it to compromise other accounts. Similarly, personal details could be used in phishing campaigns that use such information as bait to trick people into giving up sensitive data.

"With this breach of 400 million accounts we should expect a domino effect of smaller data breaches with password reuse and spear-phishing," says Ilia Kolochenko, CEO of security firm High-Tech Bridge.

"General Data Protection Regulation (GDPR) enforcement will probably help to minimize this type of incident in the future, however it will take some time. Users should keep in mind that everything they post or share online may become public one day. Keep this in mind and it will prevent many bad things from happening online."

Other experts have criticized the way the personal data was stored, particularly with regards to the importance of password security.

"Storage of clear-text passwords is inexcusable in today's world," says Mike Raggo, chief research scientist at social media security firm ZeroFox. "Prompt password changes for the impacted account, and any other accounts the user owns that may use the same password, should all be changed ASAP."