Adult FriendFinder

A hack against popular adult dating and entertainment company FriendFinder Networks has exposed personal data linked to more than 412 million user accounts. The breach is one of the largest in history, and marks the second such incident at the company in two years.

Nearly 340 million accounts from the company’s flagship site, Adult FriendFinder, were compromised according to a report from LeakedSource. The hack also targeted other sites owned by FriendFinder Network, including Cams.com, and records from Penthouse.com, which was sold in February.

The Adult FriendFinder data stretched back 20 years. Information such as usernames, emails, and join dates was stolen, along with account passwords (the majority of which featured unsecured protections or none at all) and membership data like VIP status and browser information. The cache also appears to include 15 million email addresses from deleted accounts.

Looking for a morally suspect way to blow $17,000? Here's an idea: purchase the private info stolen from an adult dating website.

According to multiple reports, a massive database of user data was swiped from casual hookup site AdultFriendFinder. It's now going for 70 bitcoins — the equivalent of nearly $17,000 — on the Dark Web.

Adult FriendFinder boasts 63 million users worldwide, billing itself as a "thriving sex community.” Up to 4 million members who shared sensitive sexual information with the site have been affected by the hack.

Allegedly the unredacted data for sale includes personal details like names, email addresses, and postal codes, as well as information about sexual habits and orientation. In addition to your garden variety identity fraud and spam, a breach of this nature could put users at risk of extortion and blackmail.

Interest in the poached info appears to be high. ROR[RG], the moniker used by the hacker who claims to have breached the site, wrote "I have had so many people ask me to buy the db today" in an underground forum on Saturday. ROR[RG] is also offering to break into any company or website for 750 bitcoins (about $170,000).

Within hours of the data being leaked, hackers on the forum declared their intentions to hit victims with spam emails. After sending out virused emails, they can trawl through the data for potential blackmail targets. So far there have been confirmed reports of users receiving spam with malware or trojans.

FriendFinder Networks, the Silicon Valley company that operates the service, says “there is no evidence that any financial information or passwords were compromised.” The company has hired the Mandiant response division of cyber-security company FireEye, which has previously investigated a number of high-profile breaches, to investigate.

In the meantime members are urged to update their user names and passwords. AdultFriendFinder is also temporarily blocking attempts to search for user profiles by any users who are suspected of being affected by the security issue.

"As is common with similar cyber attack events, until the investigation is completed, it will be difficult to confirm the full scope of the incident, but we will continue to work vigilantly to address this potential issue and will provide updates on this site as we learn more from our investigation," said Adult FriendFinder in a statement. "Protecting our members' information is our top priority and we will continue to take the appropriate steps needed to protect our members and their information."

The hacking of large company databases for personal and compromising information is on the rise. First it was giant retailer Target, then entertainment studio Sony, followed by a few of the major insurance companies - and it has been reported that as many as 200 companies have been hacked in the last few years, its victims their own customers and employees.

But this week, in perhaps the most personal of the recent data hacks, dating website Adult Friend Finder (a service for those looking for casual friendships and sexual hook-ups), has announced that its customer data has also been breached.

Channel 4 News in the UK has reported that the personal information of 3.9 million of AdultFriendFinder.com’s members was discovered in an online forum for hackers, including users’ sexual preferences, e-mail addresses, dates of birth and, in some cases, whether they were looking to cheat on their spouses. The company has notified law enforcement agencies, but said that no financial or password information seems to have been stolen.

AdultFriendFinder is different from traditional dating sites in that the information people provide is much more personal. When a user signs up, the services asks him/ her to detail his interests and, based on those criteria, matches people for sexual encounters. The site, which boasts 64 million members, claims to have "helped millions of people find traditional partners, swinger groups, threesomes, and a variety of other alternative partners."

So customers who joined the website to anonymously post their sexual preferences for hook-ups might now face being exposed to family members, co-workers, bosses, and even spouses or partners, compromising their personal lives.

One controversial hacker took advantage of the now-exposed data to identify over Twitter and personally name four different men who were using the dating site – including one who was married. Because the data is now accessible to anyone, many more people could be publicly shamed as a result.

According to CNN Money: “The breach was carried out by a hacker who goes by the moniker ROR[RG]. In an online hacker forum, he said he blackmailed Adult FriendFinder, telling the site he would expose the data online unless the company paid him $100,000.”

"Until the investigation is completed, it will be difficult to determine with certainty the full scope of the incident, but we will continue to work vigilantly to address this potential issue and will provide updates as we learn more from our investigation," FriendFinder's statement said.

According to The Wall Street Journal, researchers noted that as awareness of the breach spread on Friday May 22nd, more copies of the files were appearing online, meaning more people potentially had access to the data.

I've been sick lately (and still am) so I have some catching up to do on news posting.

On December 23, 2008 FriendFinder Networks filed for a $460 million IPO. My first thought was it is an interesting time to file with the downturn of the economy. Adult FriendFinder is the major revenue generator of the FriendFinder Networks and with the latest posts about dating sites doing better in these market conditions, maybe the recession is not as much a concern. Still, there are less people out there with money to invest.

The other big issue is the proceeds of this will be used for the most part to pay off debt. Most investors tend not to like this type of scenario. I'm not sure where this debt came from. FriendFinder Networks was bought last December (see Story) by Penthouse for $500 million. I assume at this point, the FriendFinder accounting books where in a positive territory. I can't see Penthouse buying them for so much money if FriendFinder had a huge debt. This new debt must of come from Penthouse.

On FriendFinder Networks corporate site they are claiming to be the largest social networking company in the world. The numbers they give to support this are:

• 250,000,000+ total profiles in their database since inception (for all websites).
• On average, over 150,000 new members per day.
• Over 10,000 private label social networking and live video sites in their network.

While FriendFinder Networks may be the largest social networking company in terms of number of profiles created, but how relevant are all those profiles. FriendFinder got its start way back in 1996, 12 years ago. I am sure many of these profiles are unused now or duplicates within the same site and across multiple sites. Adult FriendFinder, the largest site in the Network, says on their home page they have over 29 million active members. An active member to FriendFinder is someone with a valid email account who has logged in within at least 2 years. Now 2 years is a long time to be considered an active member but at least FriendFinder publishes how these numbers are calculate. Most dating sites do not. I would consider the largest social networking sites to be the ones with the most number of active profiles. In my opinion an active profile is one in which someone has used it in at least 2 months (and this is stretching it). I'm sure this honour would go to either Myspace or Facebook.

While we are on the subject, why are more and more dating sites calling themselves social networking sites? Sure they have social networking features but the main goal of the site is dating and to match you with a compatible person. If you are not single, there is no point in joining any dating site or the ones that call themselves Social Networks. These sites really should be called Social Networks for Singles.

Here is FriendFinder Networks corporate home page. For more information on the FriendFinder dating site, read our review.

Here is an interesting article on CNNMoney.com about the founder (Andrew Conru) of the FriendFinder Network of dating sites. It talks about his failures and successes including AdultFriendFinder, his biggest success which generates more than 60% of his total revenue (over $200 million). This site rivals the likes of Match.com and Yahoo! Personals in total number of members. Last year AFF had more than 35 million visitors and on average 75,000 new user registering each day (not paid members).