The vulnerable data includes some particularly sensitive details. While it's not as bad as a 2015 breach, where sexual preferences were in the clear, the hack has revealed usernames, purchasing patters, internet addresses and easily crackable (or in some cases, unprotected) passwords. ZDNet has verified that at least some of the accounts are real.

Friend Finder Networks hasn't directly confirmed the intrusion, but it does acknowledge that it received reports of "potential security vulnerabilities," some legitimate while others were extortion schemes. The company says it fixed one hole in its code and has asked for help from the "right external partners" for its investigation. Penthouse, meanwhile, says it's aware of the hack and is just waiting for a "detailed account" of what happened and what the solutions may be.

While the chances of someone going on a shopping spree with this info are slim, there's still plenty of risk involved. Login details can reveal identities and open the door to account hijacks, and the age of the database raises extra potential for mischief -- say, blackmailing someone who may have abandoned AdultFriendFinder years ago and doesn't want their past coming back to haunt them. Either way, Friend Finder Networks will want to beef up its user data safeguards, not just prevent hackers from reaching that data.