Adult FriendFinder Data Breach
AdultFriendFinder Network Breach (2016): 220 Million Adult Platform User Accounts Including Passwords Exposed
Adult-oriented dating and entertainment platform.
Risk Interpretation
Extremely high risk. Exposure supports extortion, blackmail, harassment, and identity linkage around sexual behavior. The scale of the 2016 incident also made it especially useful for credential stuffing and mass targeting.
Impact & Downstream Threats
The 2016 breach was one of the largest and most sensitive dating-platform exposures ever reported, affecting hundreds of millions of accounts across Adult FriendFinder and related FriendFinder properties. Public reporting and breach tracking say the exposed data included usernames, email addresses, passwords, site-usage metadata, and records tied to adult-oriented accounts, with many passwords stored in plain text or weakly hashed and with some supposedly deleted accounts still present. That mad
- Credential stuffing against reused passwords across other platforms
- Targeted phishing campaigns using exposed email addresses
Threat Vectors
Breach Intelligence
Executive Summary
Friend Finder Networks, the operator of Adult FriendFinder and five related platforms including Cams.com and Penthouse.com, suffered one of the largest data breaches ever recorded on a dating service. Attackers exploited a Local File Inclusion vulnerability in a company web application, which allowed them to read server configuration files and reach production databases. The breach exposed approximately 412 million account records across the FriendFinder portfolio, with around 339 million tied to Adult FriendFinder alone. After removing duplicates, roughly 220 million unique email addresses were affected. The stolen data was traded privately on underground forums before appearing in public breach-notification services in early 2020. The exposed records included usernames, email addresses, passwords, IP logs, and spoken-language settings. Critically, 99 percent of passwords were stored either in plain text or using unsalted SHA-1, a weak hashing method that is trivially easy to reverse. The breach also surfaced approximately 15 million accounts that users had deleted but that Friend Finder Networks had never actually removed from its systems. Because the platform is adult-oriented, the combination of email addresses and cracked passwords carries a heightened risk. Affected individuals face potential extortion and sextortion attempts, even if they never engaged in explicit activity, simply because their email address is tied to a known adult platform. Friend Finder Networks did not publicly disclose the breach through formal regulatory channels in a timely manner, and no widely reported civil or criminal enforcement action followed. The cracked credential lists circulated quickly after the data became public, fueling credential-stuffing attacks against unrelated sites where users had reused the same passwords. Anyone whose email address appears in this breach should treat that password as fully compromised, change it anywhere it was reused, and remain alert to blackmail or phishing attempts that reference their Adult FriendFinder account.
About Adult FriendFinder
Adult FriendFinder is an adult-oriented dating and social networking platform operated within the FriendFinder Networks portfolio. The service has long been built around profiles, messaging, sexual-interest matching, and community interaction for adult users seeking hookups, swinger connections, and other explicit relationship or lifestyle activity.
Why They Hold Your Data
Adult hookup platforms collect emails, usernames, passwords, profile language preferences, and relationship or sexual-interest-linked account data across large user communities.
Recent Developments
Adult FriendFinder remains active as part of FriendFinder Networks, which publicly says it is in a modernization phase under founder Andrew Conru’s renewed ownership and CEO Brock Purpura’s leadership. Current company materials describe a member-first strategy, leadership changes in 2024, and a broader effort to update the platform and its surrounding network of adult and dating properties.
Data Points Exposed
Canonical Fields
email_address, password, spoken_language, username
Dark Web Verification
- Dataset containing ~220.0M records identified in breach intelligence sources
- Data indexed and searchable across breach notification platforms
- Source: adultfriendfinder.com-2016;Adult FriendFinder (2016) Data Breach
Recommended Actions
⚠️ Do not assume this is low sensitivity.
Protect Yourself
Check If You’re Affected
Enter your email to check if your data appears in this breach.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed.
High-Risk? Get an Exposure Audit
Full-spectrum exposure audits for executives and public figures.
ObscureIQ Advisory
We combine proprietary dark web access with commercial and restricted breach intelligence to verify exposure and assess real-world risk.
- A public-facing individual
- A high-profile executive
- A customer of Adult FriendFinder
- Or concerned about credential reuse
Powered by the ObscureIQ Breach Intelligence Database
© 2026 ObscureIQ · All Rights Reserved · Data Licensing
Latest from ObscureIQ
What Is Credit Monitoring? And Do I Want It? (Answer: Not Really)
Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars.
Sextortion Spam