The owner of the AdultFriendFinder dating website, Friend Finder Network Inc, has been hacked for the second time in 18 months, resulting in the theft of data on some 400 million users of its websites.
The data, which includes user name, email address and password, has been spilled on the LeakedSource website, but LeakedSource has decided against publishing the data, for now at least.
"Friend Finder Network Inc is a company that operates a wide range of 18+ services and was hacked in October 2016 for over 400 million accounts representing 20 years of customer data, which makes it by far the largest breach we have ever seen," said LeakedSource.
"This event also marks the second time Friend Finder has been breached in two years, the first being around May 2015."
The 400 million user number comes from the organisation's wider network that includes Penthouse.com, and Cams.com, a site "where adults meet models for sex chat live through webcams".
AdultFriendFinder accounted for the bulk of the users, however, at around 340 million. LeakedSource has decided against publishing the dataset from the hack, although it usually does publish such data.
"After much internal deliberation by the LeakedSource team, and for various reasons, we have decided that this dataset will not be searchable by the general public on our main page for the time being," the organisation said.
However, LeakedSource has fewer scruples about upsetting the people responsible for security (or the lack of it) at FriendFinder after discovering that many email addresses from supposedly deleted accounts had been retained.
"While perusing the data we noticed that a significant amount of users had an email in the format of [email protected]@deleted1.com. Uh oh," LeakedSource said.
"We've seen this situation many times before and it likely means these were users who tried to delete their account, but the data is obviously still kept around because we're looking at it.
"Counting the amount of emails with @deleted near the end, we have 15,766,727 'deleted' accounts in AdultFriendFinder.com."
Passwords were stored by Friend Finder Network either in plain format or as peppered SHA1 hashes. Neither method is considered secure by any stretch of the imagination.
"Furthermore, the hashed passwords seem to have been changed to all lowercase before storage, which made them far easier to attack, but means the credentials will be slightly less useful for malicious hackers to abuse in the real world," said LeakedSource.
The affected sites carry no mention of the hack, although no doubt those who use the sites will be well aware of the incident and wondering how it could affect them.
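The storage weakness LeakedSource describes (lowercasing, then a peppered SHA1), shown beside a per-user salted, slow hash. This is an added example, not code from Friend Finder Network or LeakedSource. The pepper value, the way it is combined with the password, and the PBKDF2 parameters are assumptions.

```python
import hashlib
import hmac
import os

PEPPER = b"constructed-site-wide-pepper"  # assumption: placeholder, one value for all users
PBKDF2_ITERATIONS = 600_000               # assumption: work factor chosen for this example


def legacy_hash(password):
    """Weak scheme as described: fold to lowercase, then one peppered SHA1."""
    # Assumption: the pepper is prepended; the article does not say how it was applied.
    return hashlib.sha1(PEPPER + password.lower().encode()).hexdigest()


def hardened_hash(password, salt=None):
    """Case-preserving PBKDF2-HMAC-SHA256 with a random per-user salt."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def hardened_verify(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hardened_hash(password, salt)[1], expected)


def case_folding_loss(length):
    """Factor by which lowercasing shrinks the alphanumeric search space."""
    return (62 ** length) / (36 ** length)


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any dataset.
    print("legacy, case variants collide:",
          legacy_hash("Passw0rd") == legacy_hash("PASSW0RD"))
    print("legacy, same password for two users gives same hash:",
          legacy_hash("hunter2") == legacy_hash("hunter2"))

    salt_a, digest_a = hardened_hash("Passw0rd")
    salt_b, digest_b = hardened_hash("Passw0rd")
    print("hardened, same password for two users gives same hash:", digest_a == digest_b)
    print("hardened, case variant accepted:", hardened_verify("passw0rd", salt_a, digest_a))
    print("search space lost to lowercasing (8 chars): %.1fx" % case_folding_loss(8))
```

The site-wide pepper does nothing to separate users from each other, which is why the hardened version adds a random salt per account.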