AdultFriendFinder overhauls security after 2016 breach
The October 2016 breach of AdultFriendFinder exposed more than two decades of records covering more than 360 million users across the FriendFinder network. Leaked data included email addresses, usernames, passwords, sexual orientations and spoken languages, and the incident revealed weak practices such as the use of SHA-1 hashing and the storage of passwords in plain text.
FriendFinder Networks revamped its database security, adopting stronger encryption and salted hashing. Salted hashing combines each password with a unique random string before applying a one-way hash, reducing the risk that identical passwords across accounts become equally vulnerable.
The company began contracting outside cybersecurity firms, including Google subsidiary Mandiant, to assess code, corporate structure and employee practices and to help identify potential vulnerabilities. Forced password resets were introduced — commonly every six months or once a year — to curb risks from reused or leaked passwords and from hardware malware.