The massive October hack of a cadre of adult hookup and pornography sites contained thousands of government and military email addresses, according to the group that uncovered the breach.
The breach of AdultFriendFinder.com and related sites included 5,650 dot-gov email addresses and more than 78,000 dot-mil addresses, according to LeakedSource.com, which found the credentials cache.
The breach affected Friend Finder Networks sites including the adult dating site AdultFriendFinder.com, the porn site Penthouse.com and numerous live adult performance sites such as Stripshow.com and Cams.com.
» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.
It’s not clear how many of the government and military email addresses are genuine, LeakedSource said in an email to Nextgov, and the company hasn’t yet culled through to look for signs of fakes.
“E.g.: email@example.com is probably not really Obama registering,” the company said. “A large number of them should be real if the Ashley Madison breach is any indication,” the company said, referring to the 2015 breach of a separate adult hookup site.
LeakedSource investigates data breaches and vulnerabilities and offers a mix of free and paid services for people and companies to figure out if they were affected. LeakedSource is not making the Friend Finder Network data searchable on its site for the time being, the company said.
The total Friend Finder Network cache included over 400 million emails from around the world, many of them dating back years or decades, LeakedSource said in a Sunday blog post. Many of those email holders had unsubscribed from the sites, but the company was still storing their emails, LeakedSource said.
Many of the emails were also linked to passwords stored in discoverable formats, the company said. AdultFriendFinder.com had just about 6 million active users in 2016, LeakedSource said.
There’s no indication the breach uncovered bank or credit card data.
Friend Finder Network did not immediately respond to a Nextgov request for comment.
The company confirmed to ZDNet it had discovered a vulnerability but did not describe the flaw's scope or say whether customer data had been stolen. The company is investigating breach reports, Friend Finder Networks Senior Counsel Diana Ballou told ZDNet.