If you find your dates or whatever it is you’re into on AdultFriendFinder…. Not that there’s anything wrong with that…. You might have a reason to worry. About 3.5 million personally identifiable records were leaked from systems belonging to the adult oriented website which confirmed the breach after the hack first surfaced in April:
Word of Adult Friend Finder’s problems first surfaced last month. An IT consultant and Darknet researcher, who prefers to be known as Teksquisite, discovered the files on a forum in April. Salted Hash, looking to confirm her findings, discovered the same posts and files in short order.
The hacker claiming responsibility for the breach says they’re from Thailand, and started boasting about being out of reach of U.S. law enforcement because of location alone. As for local law enforcement, they’re confident they can bribe their way out of trouble, so they continued to post Adult Friend Finder records.
Using the handle ROR[RG], the hacker claims to have breached the adult website out of revenge, because a friend of theirs is owed money – $247,938.28. They later posted a $100,000 USD ransom demand to the forum in order to prevent further leaks.
In all, across 15 different CSV files, ROR[RG] posted 3,528,458 records. The files are database dumps with 27 fields in total; the most important being IP address, email, handle, country, state, zip code, language, sex, race, and birth date. Dates confirm that the data is at least 74-days old.
Here’s what AdultFriend Finder had to say:
“FriendFinder Networks Inc. has just been made aware of a potential data security issue and understands and fully appreciates the seriousness of the issue. We have already begun working closely with law enforcement and have launched a comprehensive investigation with the help of leading third-party forensics expert, Mandiant, a FireEye Company, the law firm of Holland & Knight, and a global public relations firm that specializes in cyber security.
“Until the investigation is completed, it will be difficult to determine with certainty the full scope of the incident, but we will continue to work vigilantly to address this potential issue and will provide updates as we learn more from our investigation. We cannot speculate further about this issue, but rest assured, we pledge to take the appropriate steps needed to protect our customers if they are affected.”
Sure you will. Either you were covering things up until you were forced to admit it, or you were asleep at the switch or your IT security sucks. That’s bad any way you slice it and users of the website should be outraged. The only good thing that they did was that they got Mandiant to look into this. Maybe they will whip your website into shape.
So, why am I being so harsh on AdultFriendFinder? Simple, this hack hurts people who really didn’t need the fact that they surf the Internet looking for Mr./Ms. Right or Mr./Ms. Right Now. Let me illustrate how this hurts people:
The problem that came to light was that, buried in the data, people were using their work email address to register for Adult Friend Finder. It was noticed by some folks I spoke with who were familiar with the data, that there were email addresses for folks serving in the US Army, US Airforce, Australian military as well as members of the Colombian, Brazilian and the Canadian Forces. That was just based on a cursory search.
Further to that end, according to the leaked data, government related email addresses showed that staffers from around the world had registered with their work email. Rather amazing that people would do such a thing.
So, why is this a problem? Well, an enterprising sort could track a person back through some simple searches. In one scenario someone would be possibly able to find a military personnel’s home address, current station, and…the names of his wife and children just as an example scenario.
Now, I could say that anyone who is dumb enough to use their work e-mail address to register on this site deserves to have their privacy invaded. But that’s wrong. Nobody needs to have their privacy invaded. Ever. Hopefully the low lives who are responsible get caught and jailed as hacks that violate the privacy of people should not be tolerated.