Adult FriendFinder User Details Hacked

Adult FriendFinder has called in police after being informed of the leak of millions of users’ personal details, including those of ex-users

Adult FriendFinder, a leading dating and sex website, has admitted its systems have been breached by hackers, leaking detailed personal information on millions of users.

The site, a sex-oriented spin-off of dating website FriendFinder.com, has an estimated 64 million members in all, including more than 7 million British members, and is ranked as one of the US top 100 websites.

Top dating site

The site’s parent company, FriendFinder Networks, said it was alerted to the hack after an investigation by Channel 4 found that the details of 3.9 million Adult FriendFinder users had been posted on a hacker website.

The company said it appreciated the “seriousness” of the incident and had begun an investigation in cooperation with law enforcement authorities and forensics firm Mandiant.

“Until the investigation is completed, it will be difficult to determine with certainty the full scope of the incident, but we will continue to work vigilantly to address this potential issue and will provide updates as we learn more from our investigation,” the company said in a statement.

The leaked data includes email addresses, usernames, dates of birth, postcodes and IP addresses of users’ computers, as well as their sexual preferences and whether they are seeking extramarital affairs, according to Channel 4.

Army personnel involved

The leaked records include data on dozens of government and armed services staff in the US and the UK, including members of the British Army, according to the network, meaning it could be used to blackmail those involved.

The data also reportedly includes details on users who told the site to delete their accounts. One affected user contacted by the network said he had told the site to delete his data after initially signing up, and had never used the service. The user has since been targeted with spam emails containing malicious code.

Adult FriendFinder has been alleged to have a low female-to-male ratio, and the network’s investigation confirmed this, finding that amongst the 26,939 hacked users with UK email addresses there was only one woman to every 16 men.

“The Internet has essentially become a database of You. As more data is breached, this information can be sold in underground markets and can create a very vivid profile of an individual,” said Ken Westin, senior security analyst at Tripwire. “When dating information is compromised it can be used to embarrass individuals, which can lead to blackmail as well as highly targeted phishing campaigns.

“Depending on the type of information that is compromised this data can be used to link aliases to other accounts via email or other shared attribute and unveil connections to accounts that were not seen until now.

“An example would be a politician that may have created an account using a fake name, but used a known email address for their login details, or a phone number that can be mapped back to their real identity, this is an example of how data like this can lead to further blackmail and/or extortion by a malicious actor seeking to profit from this type of information.”

Data breaches

The site has itself had a number of previous run-ins with the law, having been sued numerous times in the US for the allegedly systematic practice of continuing to bill users after they have cancelled their accounts, and last year settled criminal charges against it by the Federal Trade Commission (FTC) over the matter. In 2007, the site settled separate FTC charges over allegedly bombarding users with sexually explicit advertisements via search results for innocuous terms such as “flowers”.

In a separate incident, mSpy, which offers software that can be used to track users via their mobile devices, admitted on Thursday to having been hacked, with thousands of customer details being leaked. The site had previously denied that any personal details had been exposed.

Other major customer data breaches have this year affected the bank HSBC, the Mandarin Oriental hotel chain and telecoms firm TalkTalk.
