In a security update announcement on May 22, 2015 FriendFinder Networks Inc., the parent company of Adult Friend Finder, confirmed that they were aware of a “potential data security incident” and that they were taking immediate action, stating that the security of its members was its highest priority.
In May of 2015 hackers were able to breach to the Adult Friend Finder database and gain access to four million data records, which they then publicly dumped. The data dump included highly sensitive information from the adult hookup site’s 64 million registered users including user names, email addresses, dates of birth, gender, race, relationship statuses, IP addresses, geographic locations, sexual preferences, and languages spoken.
One of the actions FriendFinder Networks has taken was to immediately launch an internal investigation, informing all concerned law enforcement agencies including the FBI and hiring a third party cyber security firm, Mandiant, to:
[I]nvestigate the incident, review network security and remediate our system.” FriendFinder Networks has launched an internal investigation to “review and expand existing security protocols and processes, has temporarily disabled the ability to search by username, and has masked the usernames of any users we believe were affected by the security issue.
FriendFinder Networks is advising its members who may have been affected to change their user names and passwords and if they have used these (user names and password) for other sites to change them there as well. The company has also stated, “It is important to note that, at this time, there is no evidence that any financial information or passwords were compromised.”
However, the contained picture that FriendFinder Networks presents may not be so rosy. It is being widely reported that a Thai hacker who goes by the name ROR[RG] is claiming to be responsible for the hack and has demanded that FriendFinder Networks pay him $100,000 to prevent any further data dumps of the stolen information taken from FriendFinder Networks’ database. The hacker has been boasting about the breach and claiming he is out of law enforcement’s reach due to his residence in Thailand.
A hack of this nature is very serious because the breach of members’ user names, passwords, locations, date of birth, sex, sexual orientation and preferences can certainly lead to possible identity theft, spam and phishing schemes of a financial nature, but could also lead to cyber criminals blackmailing individuals to not publicly publish embarrassing information about one’s sexual activities, preferences or divulge the information to a spouse, family member, employer, community etc. For an unscrupulous individual, the sensitive information involved in this cyber intrusion could be used to ruin someone socially. Or worse yet, government or military employees could be blackmailed into divulging confidential information that could put other people’s lives in jeopardy. This hack could have far more serious ramifications for the people affected by this breach than your garden variety corporate cyber breach.
Additional Resources About This Breach: