Hashing algorithms are not standardize across our network of sites yet. We use various methodology depending on what allows us to move fast and secure. You would be surprised to see the amount of moving parts there are.
We are currently in very close discussions with the 3rd party. In our official statement we purposely did not name them, we don't want to throw them under the bus. Of course we are reviewing all obligations.
We do deal with multiple security firms, and we regularly do security audits (both white and black box audits). We also deal with PCI, because we have paying sites as well, like Brazzers.
We can talk about the industry in general another time, but obviously we believe all types of sites can co-exist.