Adult FriendFinder 2016 Data Breach

AdultFriendFinder Network Breach (2016): 220 Million Adult Platform User Accounts Including Passwords Exposed | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

MisconfigurationAdultEmail AddressPasswordSpoken LanguageUsername
Moderate SeverityWebsite / service breach

AdultFriendFinder Network Breach (2016): 220 Million Adult Platform User Accounts Including Passwords Exposed

Adult-oriented dating and entertainment platform.

Verified by ObscureIQ Intelligence
54/100Breach Risk Index
25Data Value
25Market Recency
512dSince Breach

Breach Intelligence Summary

Entity: Adult FriendFinder · Actor: Unknown · Sources: 3 references
Attack: Misconfiguration
Profile: Company · Online dating and adult social platforms · Network of niche social platforms · Global
Timeline: Breach (2016-10-01) · Indexed (Dec 01, 2024) · Year (2016)
Exposure: 220.0M records · 4 fields: Email Address, Password, Spoken Language, Username
Status: Reported

Executive Summary

Friend Finder Networks, the operator of Adult FriendFinder and five related platforms including Cams.com and Penthouse.com, suffered one of the largest data breaches ever recorded on a dating service. Attackers exploited a Local File Inclusion vulnerability in a company web application, which allowed them to read server configuration files and reach production databases. The breach exposed approximately 412 million account records across the FriendFinder portfolio, with around 339 million tied to Adult FriendFinder alone. After removing duplicates, roughly 220 million unique email addresses were affected. The stolen data was traded privately on underground forums before appearing in public breach-notification services in early 2020. The exposed records included usernames, email addresses, passwords, IP logs, and spoken-language settings. Critically, 99 percent of passwords were stored either in plain text or using unsalted SHA-1, a weak hashing method that is trivially easy to reverse. The breach also surfaced approximately 15 million accounts that users had deleted but that Friend Finder Networks had never actually removed from its systems. Because the platform is adult-oriented, the combination of email addresses and cracked passwords carries a heightened risk. Affected individuals face potential extortion and sextortion attempts, even if they never engaged in explicit activity, simply because their email address is tied to a known adult platform. Friend Finder Networks did not publicly disclose the breach through formal regulatory channels in a timely manner, and no widely reported civil or criminal enforcement action followed. The cracked credential lists circulated quickly after the data became public, fueling credential-stuffing attacks against unrelated sites where users had reused the same passwords. Anyone whose email address appears in this breach should treat that password as fully compromised, change it anywhere it was reused, and remain alert to blackmail or phishing attempts that reference their Adult FriendFinder account.

ObscureIQ assessment: Extremely high risk. Exposure supports extortion, blackmail, harassment, and identity linkage around sexual behavior. The scale of the 2016 incident also made it especially useful for credential stuffing and mass targeting.

Breach Impact

The 2016 breach was one of the largest and most sensitive dating-platform exposures ever reported, affecting hundreds of millions of accounts across Adult FriendFinder and related FriendFinder properties. Public reporting and breach tracking say the exposed data included usernames, email addresses, passwords, site-usage metadata, and records tied to adult-oriented accounts, with many passwords stored in plain text or weakly hashed and with some supposedly deleted accounts still present. That made the breach especially serious because it enabled credential stuffing and account takeover, while also creating elevated risks of extortion, humiliation, outing, and highly targeted phishing tied to sexual-interest data.

About Adult FriendFinder

Adult FriendFinder is an adult-oriented dating and social networking platform operated within the FriendFinder Networks portfolio. The service has long been built around profiles, messaging, sexual-interest matching, and community interaction for adult users seeking hookups, swinger connections, and other explicit relationship or lifestyle activity.

Why They Hold Your Data

Adult hookup platforms collect emails, usernames, passwords, profile language preferences, and relationship or sexual-interest-linked account data across large user communities.

Recent Developments

Adult FriendFinder remains active as part of FriendFinder Networks, which publicly says it is in a modernization phase under founder Andrew Conru’s renewed ownership and CEO Brock Purpura’s leadership. Current company materials describe a member-first strategy, leadership changes in 2024, and a broader effort to update the platform and its surrounding network of adult and dating properties.

Data Points Exposed

4 verified field types
Email Address
Password Critical
Spoken Language
Username

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:Critical
Primary downstream threats:
  • Credential stuffing against reused passwords across other platforms
  • Targeted phishing campaigns using exposed email addresses
Threat vectors:
  • Phishing, credential stuffing & account takeover
  • Credential stuffing & account takeover
  • Targeted phishing localization
  • Cross-platform tracking & credential stuffing

Recommended Actions

If you believe your information may be included:

Change Reused Passwords
Update this account and anywhere you reused the password; use a manager.
Password manager guide
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Find 2FA settings
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
IdentityTheft.govReport to FTC

Frequently Asked Questions

What happened in the Adult FriendFinder breach?

Friend Finder Networks, the operator of Adult FriendFinder and five related platforms including Cams.com and Penthouse.com, suffered one of the largest data breaches ever recorded on a dating service. Attackers exploited a Local File Inclusion vulnerability in a company web application, which…

What data was exposed?

Verified fields include Email Address, Password, Spoken Language, Username.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
DataBreach.com
Record & field corroboration
Breach Index
Have I Been Pwned
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation