The email addresses, sexual orientations and other sensitive details of nearly four million AdultFriendFinder.com subscribers have been leaked to the internet following a hack that entrenched the casual dating service, said security researchers.
The cache includes over 3.8 million unique email addresses of current and former subscribers, Australian security researcher Troy Hunt reported early Friday morning. The data, which comes in the form of 15 Microsoft Excel spreadsheets, was first transmitted to anonymous sites hosted on the Tor privacy network. It has since spread to sites on the open Internet. Links to the sites hosting the data are easy to find on Twitter and other social media sites (Ars does not publish locations).
The compromise was first reported by UK broadcaster Channel 4. In addition to including users’ email addresses and sexual orientations, the data also provided other sensitive information, such as age, postcodes and whether the subscriber was looking for a link. extra marital. The treasury contained information on deleted accounts as well as those still open.
The violation appears to be that described in a April 13 blog post titled Hacked! How secure is your data on adult sites? In the post, researcher Bev Robb did not mention the name Adult Friend Finder, but said the breach applied to one of the largest adult websites on the internet. Robb wrote:
During a fit of rage, an angry hacker (through the ROR handle[RG]) posted 15 downloadable spreadsheets (in compressed file format with credit card data deleted) on a week-old Darknet forum, stating that it had rooted the adult site’s database. Why? Because they owed her boyfriend approximately US $ 248,000. He boasted that the company and law enforcement couldn’t touch him because he was based in Thailand. His ransom demand was set at $ 100,000 (50G to start and 50G to end).
If you combine the ransom note with the amount owed to the hacker buddy–we’re looking at around US $ 348,000. If the data breach is genuine (and I’m sure it is), there is a ton of Personally Identifiable Information (PII) on a forum on the Darknet that has been viewed 1,756 times. It is not known how many times the violated data files were downloaded. Although the files have been stripped of credit card data, it is still relatively easy to connect the dots and identify the thousands and thousands of users who subscribe to this adult site.
It is not immediately possible to verify this description. So far, Adult Friend Finder officials have not commented on the mine of data circulating or the circumstances under which it has become available.
The breach is the latest reminder that privacy is not just a matter of our own individual operational security, but also the operational security of anyone with whom we send emails, text messages, or deal in business. According to Channel 4, exposed Adult Friend Finder subscribers are already inundated with waves of spam. There is no doubt that private investigators, rejected spouses and others are flocking to it as well. Affected email addresses can be found using Hunt’s tracing service have I been sentenced website.