adult website data breachesFew people find themselves excited about a data breach, but the information entrusted to certain types of websites certainly carries more potential to cause serious damage than others. When the database of a website is privy to some of the darker secrets its users would rather not share with most of the world, such as an adult-oriented website, is hacked, the risks go beyond identity theft and financial woes. Adult website data breaches are more common than you’d think — just ask the 32 million users of notorious adult site Ashley Madison, whose personal and financial information was stolen when the site was hacked last year. In addition to worrying about the typical problems that crop up after your data has been part of a security breach, victims of adult website data breaches also have to worry about the potential for blackmail and damage to their reputations. That’s why millions of people right now are likely cringing from the news that a staggering 412 million user accounts from Friend Finder Network websites have been exposed in a breach that stands to be eclipsed only by the recent 500 million account Yahoo breach. Here’s what you need to know about this data breach, as well as the risks posed to users when it comes to adult website data breaches.

This breach could be one of the largest ever discovered online

As we already mentioned, more than 400 million accounts were reportedly exposed in this data breach. It was discovered and reported by LeakSource, which is a website that catalogs and organizes data found online so people can find out whether their data has been leaked online and where it came from. According to LeakSource, the exposed accounts include 339 million Adultfriendfinder.com users (including 15 million “deleted” accounts), 62 million Cams.com accounts, 17 million Penthouse.com accounts and a few million from other, smaller websites. All of these sites are part of the Friend Finder Network, and the data encompasses two decades.

Leaked information includes usernames, email addresses, join dates, date of last visit as well as passwords. LeakSource says it was able to crack about 99% of the user passwords it discovered, pointing to lax password security or none whatsoever — neither of which is comforting to users of any Friend Finder Network websites. This is the second time in the past year that Adult FriendFinder has been hacked; in May 2015, approximately 4 million user accounts were exposed and the data included details like sexual preferences or whether someone was looking to cheat on their partner. One small sliver of good news about this second, much larger data breach is that this type of data was not included — but that doesn’t mean users aren’t at risk of finding themselves in compromising positions over the weeks and months to come.

What specific risks do adult website data breaches pose?

While theoretically any type of data breach could open its victims to exploitation at the hands of criminals, especially in the form of phishing scams, the risk is dramatically greater for adult website data breaches. In the aftermath of the Ashley Madison breach, plenty of people from ordinary citizens to high-profile celebrities and government officials faced scrutinization when it was discovered they had an account on the site. Since it’s a website specifically designed to help people cheat on their significant others, ownership of an account on Ashley Madison put people in the perfect position to be taken advantage of by blackmailers who wanted to use fear of discovery to get something out of them. And it wasn’t just Ashley Madison account holders who were targeted — some spouses received ransom letters as well in the months following the breach.

There’s a strong possibility that many people who were exposed in this Friend Finder Network data breach could face similar attempts at blackmail, though fortunately since sexual preferences and similar data were not exposed in this breach, there might be some protection. Still, most people using one of these websites probably don’t want the majority of the other people in their lives to know about it, which puts cybercriminals at the advantage. Even if someone doesn’t face financial exploitation, there’s still the very real risk that their reputation could be in jeopardy — already, thousands of UK government emails have been revealed in this breach. What should you do if you find yourself targeted by a blackmailer? The same advice we gave on dealing with ransomware should be helpful in most cases.

Deleting an account doesn’t necessarily mean your information is erased

Even more disconcerting in this breach is evidence that some of the stolen data was from “deleted” accounts — meaning some people who might think they are in the clear because they deleted their accounts could be in for a rude awakening if the wrong person gets their hands on the breached data. It’s important for anyone online to understand that just because you go through the motions to close down an account, doesn’t necessarily mean the website has actually purged your information from its database. Even more worrisome, the Penthouse.com accounts involved in this data breach shouldn’t be in the Friend Finder Network’s servers anymore, period, since the website was sold earlier this year. Unfortunately, the only time most people find out that a website or business has kept their information past when an account has been closed or deleted, is when something like this occurs.

This highlights the importance of reading the privacy policy of any website before you sign up to understand what happens to your information while you’re a member as well as after you close your account. It’s also wise to think twice before providing any personal information to a website, especially one that you might not want other people to know you’re using, in the event of a breach like this. Theoretically, we’d all like to trust the websites we use, but time and time again, that’s sadly proven to be a mistake. While not all websites have the strongest privacy policies or password protections, as users we can take matters into our own hands by doing things like using separate email addresses for important things like banking and making sure to employ strong password tactics.

Learn more about how to protect your privacy online by following our blog on the subject, and get the latest news on data breaches you should know about on our identity theft protection blog.