Categories: Security

Adult FriendFinder User Details Hacked

Adult FriendFinder, a leading dating and sex website, has admitted its systems have been breached by hackers, leaking detailed personal information on millions of users.

The site, a sex-oriented spin-off of dating website FriendFinder.com, has an estimated 64 million members in all, including more than 7 million British members, and is ranked as one of the US top 100 websites.

Top dating site

The site’s parent company, FriendFinder Networks, said it was alerted to the hack after an investigation by Channel 4 found that the details of 3.9 million Adult FriendFinder users had been posted on a hacker website.

The company said it appreciated the “seriousness” of the incident and had begun an investigation in cooperation with law enforcement authorities and forensics firm Mandiant.

“Until the investigation is completed, it will be difficult to determine with certainty the full scope of the incident, but we will continue to work vigilantly to address this potential issue and will provide updates as we learn more from our investigation,” the company said in a statement.

The leaked data includes email addresses, usernames, dates of birth, postcodes and IP addresses of users’ computers, as well as their sexual preferences and whether they are seeking extramarital affairs, according to Channel 4.

Army personnel involved

The data includes data on dozens of government and armed services staff in the US and the UK, including members of the British Army, according to the network, meaning it could be used to blackmail those involved.

The data also reportedly includes details on users who told the site to delete their accounts. One affected user contacted by the network said he had told the site to delete his data after initially signing up, and had never used the service. The user has since been targeted with spam emails containing malicious code.

Adult FriendFinder has been alleged to have a low female-to-male ratio, and the network’s investigation confirmed this, finding that amongst the 26,939 hacked users with UK email addresses there was only one woman to every 16 men.

“The Internet has essentially become a database of You. As more data is breached, this information can be sold in underground markets and can create a very vivid profile of an individual,” said Ken Westin, senior security analyst at Tripwire. “When dating information is compromised it can be used to embarrass individuals, which can lead to blackmail as well as highly targeted phishing campaigns.

“Depending on the type of information that is compromised this data can be used to link aliases to other accounts via email or other shared attribute and unveil connections to accounts that were not seen until now.

“An example would be a politician that may have created an account using a fake name, but used a known email address for their login details, or a phone number that can be mapped back to their real identity, this is an example of how data like this can lead to further blackmail and/or extortion by a malicious actor seeking to profit from this type of information.”

Data breaches

The site has itself had a number of previous run-ins with the law, having been sued numerous times in the US for the allegedly systematic practice of continuing to bill users after they have cancelled their accounts, and last year settled criminal charges against it by the Federal Trade Commission (FTC) over the matter. In 2007, the site settled separate FTC charges over allegedly bombarding users with sexually explicit advertisements via search results for innocuous terms such as “flowers”.

In a separate incident, mSpy, which offers software that can be used to track users via their mobile devices, admitted on Thursday to having been hacked, with thousands of customer details being leaked. The site had previously denied that any personal details had been exposed.

Other major customer data breaches have this year affected the bank HSBC, the Mandarin Oriental hotel chain and telecoms firm TalkTalk.

Are you a security pro? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago