Users of online dating site Adult FriendFinder – and the various alternative sites in its network – have been left with concerns after it emerged that the database of almost 4 million records has been hacked and leaked.
AdultFriendFinder: A Social Network for Sex
Unfamiliar with Adult FriendFinder? It’s essentially a dating website (a phenomenon that seems geared more towards men than women), albeit one with a number of sub-websites within the umbrella, each catering for different bedroom interests.
These include Alt.com, Senior FriendFinder, Amigos.com, BigChurch.com, and others. A relic of the “old web”, Adult FriendFinder is still going strong despite competition from Match.com and mobile apps like Tinder.
Users are required to sign up and provide a username and photo to start chatting with others, and contacts can be made based on location, sexual interest, age, etc. For those with a positive interest in sexual activities, these sites can prove useful; if you provide credit card information to pay for a subscription, you can unlock additional features.
Typical information stored by Adult FriendFinder includes your credit card details (number, expiration date, name and billing address) and things like your age, height, eye color, weight, physical attributes and even your sexual interests.
Not really the cocktail of data you want to find in the hands of criminals.
The Breach and its Impact
With a network of 64 million members, 3.9 million is only a 16th of the size the breach might have been. This doesn’t mean that this situation is in any way good, of course.
The full Adult Friend Finder database is now for sale on the black market for about US$17k: pic.twitter.com/Nparx95A8e
— Troy Hunt (@troyhunt) May 23, 2015
Not only has the data been hacked, it has also been put up for sale for $17,000 worth of Bitcoins. Considering the details potentially locked in this database, that price seems low. The data itself is available to preview in redacted form on various database dump repositories, which we’re not able to link to.
Following enquiries from the BBC, Adult FriendFinder issued the following response:
“FriendFinder Networks Inc. has only just been made aware of this potential issue and understands and fully appreciates the seriousness of the issue. Until the investigation is completed, it will be difficult to determine with certainty the full scope of the incident, but we will continue to work vigilantly to address this potential issue and will provide updates as we learn more from our investigation.
“We cannot speculate further about this issue, but rest assured, we pledge to take the appropriate steps needed to protect our customers if they are affected.”
The response also confirmed that law enforcement agencies had been contacted, and that Adult FriendFinder was working with forensics experts at Mandiant.com.
But how did they communicate this information to their members?
With a subtle link on the login page. Not ideal.
Expanding on its earlier statement, Adult FriendFinder insisted that no financial data or passwords were leaked.
“It is important to note that, at this time, there is no evidence that any financial information or passwords were compromised.”
They have also launched an internal investigation and disabled username search results that would return details on anyone affected by the leak.
Are You Fearing Blackmail?
If you’ve read this far, there is a good chance that you have used Adult FriendFinder or one of its sub-sites over the years. Perhaps you posted a drunk nude selfie, or expressed an interest in an unusual or unfamiliar activity.
We’re not judging.
However, this and all of the other information on your profile might be used against you. So what do you do?
First, head to https://haveibeenpwned.com/ and run a search for your email address or the username used to sign up to Adult FriendFinder. This site has proved useful with previous breaches and is the only legitimate account checking tool. If this returns a result highlighting that breach, then keep reading. Otherwise, stroll on, although be mindful that with the data out there, other uses for it might be found (such as an “is he/she cheating on me?” search engine).
Second, and despite Adult FriendFinder’s protestations, you need to ensure that any credit card you had on file is cancelled. That information is now up for sale, and you don’t want to find your credit card cloned and used to purchase a toothbrush in Zagreb. While the site might claim that your credit card information has not been leaked, this is not something you can take on trust, given the circumstances.
Third, check and keep an eye on your credit file. Hackers and criminal buyers of such data can use the information from an Adult FriendFinder profile to clone YOU, and create financial accounts in your name. Elsewhere, we’ve listed other identity theft warning signs you should keep an eye out for.
Fourth, if you’re blackmailed, inform the police immediately. Don’t pay up, as this will only encourage the criminals to demand more.
There is some relief here; the news isn’t all bad. Adult FriendFinder reports that it actively culls data. If you have been inactive on the site for a few years, then there is a good chance that your personal information (from embarrassing username, nudes and flirty messages to credit card data) has been discarded, and is safe from this hack.
Have you been affected by this leak? Are you concerned that your sexual interests are now available for purchase, or is it the credit card and personal data that worries you most? Tell us in the comments.