FriendFinder Networks did not confirm or deny the breach when reached by The Washington Post. But the company said in a statement that it had “received a number of reports regarding potential security vulnerabilities from a variety of sources” and that it is investigating. "Immediately upon learning this information, we took several steps to review the situation and bring in the right external partners to support our investigation," the statement said.

The Adult FriendFinder data stretched back 20 years and included information such as usernames, emails, join dates and the date of a user’s last visit, according to LeakedSource. Passwords were also included in the trove -- the vast majority of them featured unsecured protections or none at all, the report said.

AD

AD

LeakedSource said the alleged breach includes nearly 340 million accounts from flagship site Adult FriendFinder, plus data from other sites owned by FriendFinder Network, including Cams.com, as well as records from Penthouse.com, which was sold in February. The cache may also include 15 million email addresses connected to deleted accounts, according to LeakedSource.

The new owners of Penthouse.com said they are aware of the alleged breach. "[W]e are waiting on FriendFinder to give us a detailed account of the scope of the breach and their remedial actions in regard to our data," Penthouse Global Media chief executive Kelly Holland said in an emailed statement.

The information was stolen last month using a vulnerability exposed around the same time, LeakedSource reported.

AD

The previous FriendFinder Network breach came to light in May 2015 and affected 3.5 million accounts. Both that hack and others in the adult industry, such as the 2015 Ashley Madison breach that exposed data from about 36 million users, pale in comparison to the scale of the latest alleged FriendFinder Networks data dump.