The biggest hack of of 2016 has been revealed, and it’s huge. In fact, it’s nearly as big as the Yahoo half-billion user hack of 2014 that we only just learned about. That may surprise you considering this one involved AdultFriendFinder.

Image: Pexels

Data on nearly 340 million users was stolen from the alternative dating site alone. Many more were leaked from other FriendFinder Networks sites. 62 million from video chat site Cams.com. Another 7 million from Penthouse.com. Approximately 2.5 million more from other domains.

In total, more than 412 million user records were stolen. Apart from the staggering volume of victims and the sensitive nature of the activity going on at AdultFriendFinder, there’s another troubling detail about this hack. Much of the user data was stored as plain text.

That means email addresses, passwords, and other details are completely exposed. Even customers who think they’d cut ties with AdultFriendFinder have been caught with their pants down. Deleted accounts were still listed among the active ones, they had merely been flagged.

Poor Password Choices

You might think that users would be a bit more careful when choosing passwords for a site like AdultFriendFinder. That couldn’t be further from the truth. Nearly a million users went with 123456. 600,000 stopped at 12345. Another million added 7,8,9, and 0. Other popular — and extremely unwise — choices included password, qwerty, and iloveyou.

These are the kind of passwords the kids in the movie Hackers knew were overused way back in 1995… and it certainly wouldn’t take 100 guesses to crack them.

Continuing Struggles

Nearly a decade ago, Penthouse assumed control of AdultFriendFinder when they acquired parent company Various, Inc. for $500 million. The one-time Playboy competitor later changed its its name to FriendFinder Networks. In 2013, the company filed for bankruptcy and has its stock de-listed from NASDAQ.

Turning a profit on niche adult services online just wasn’t all that easy any more. With other sites offering users a similar “friend finding” experience for free, the writing was on the wall.

Apart from their business struggles, they’ve had their share of security troubles in the past, too. FriendFinder Networks was hacked last year, too. That incident paled in comparison to the one last week: “only” 3.5 million users were impacted in the 2015 breach.