Adult FriendFinder, a leading dating and sex website, has admitted its systems have been breached by hackers, leaking detailed personal information on millions of users.
The site, a sex-oriented spin-off of dating website FriendFinder.com, has an estimated 64 million members in all, including more than 7 million British members, and is ranked as one of the US top 100 websites.
The company said it appreciated the “seriousness” of the incident and had begun an investigation in cooperation with law enforcement authorities and forensics firm Mandiant.
“Until the investigation is completed, it will be difficult to determine with certainty the full scope of the incident, but we will continue to work vigilantly to address this potential issue and will provide updates as we learn more from our investigation,” the company said in a statement.
The leaked data includes email addresses, usernames, dates of birth, postcodes and IP addresses of users’ computers, as well as their sexual preferences and whether they are seeking extramarital affairs, according to Channel 4.
The leak includes data on dozens of government and armed services staff in the US and the UK, including members of the British Army, according to the network, meaning it could be used to blackmail those involved.
Adult FriendFinder has been alleged to have a low female-to-male ratio, and the network’s investigation confirmed this, finding that amongst the 26,939 hacked users with UK email addresses there was only one woman to every 16 men.
“The Internet has essentially become a database of You. As more data is breached, this information can be sold in underground markets and can create a very vivid profile of an individual,” said Ken Westin, senior security analyst at Tripwire. “When dating information is compromised it can be used to embarrass individuals, which can lead to blackmail as well as highly targeted phishing campaigns.
“Depending on the type of information that is compromised this data can be used to link aliases to other accounts via email or other shared attribute and unveil connections to accounts that were not seen until now.
“An example would be a politician that may have created an account using a fake name, but used a known email address for their login details, or a phone number that can be mapped back to their real identity. This is an example of how data like this can lead to further blackmail and/or extortion by a malicious actor seeking to profit from this type of information.”
The site has itself had a number of previous run-ins with the law, having been sued numerous times in the US for the allegedly systematic practice of continuing to bill users after they have cancelled their accounts, and last year settled criminal charges against it by the Federal Trade Commission (FTC) over the matter. In 2007, the site settled separate FTC charges over allegedly bombarding users with sexually explicit advertisements via search results for innocuous terms such as “flowers”.
In a separate incident, mSpy, which offers software that can be used to track users via their mobile devices, admitted on Thursday to having been hacked, with thousands of customer details being leaked. The site had previously denied that any personal details had been exposed.
Other major customer data breaches have this year affected the bank HSBC, the Mandarin Oriental hotel chain and telecoms firm TalkTalk.