Adult Dating Site Hack Reveals Users' Sexual Preference, Extramarital Affairs

An anonymous reader notes this report from Channel 4 News that Adult FriendFinder, one of the largest dating sites in the world, has suffered a database breach that revealed personal information for 3.9 million of its users. The leaked data includes email addresses, IP addresses, birth dates, postal codes, sexual preferences, and information indicating which of them are seeking extramarital affairs. There even seems to be data from accounts that were supposedly deleted. Channel 4 saw evidence that there were plans for a spam campaign against these users, and others are worried that a blackmail campaign will follow. "Where you've got names, dates of birth, ZIP codes, then that provides an opportunity to actually target specific individuals whether they be in government or healthcare for example, so you can profile that person and send more targeted blackmail-type emails," said cybercrime specialist Charlie McMurdy.

The data

[Dynamoo]

The data is a apparently a subset of 60 million records that the hackers are threatening to release.

I've had a look at the data, there are very many easily identifiable people, for some of those there is date-of-birth data, ZIP code, "preferences", details of any money spent etc. There are a few people using their .gov email addresses for this, some of those can be verified by the IP address, some other email addresses belonging to other corporations. I would suspect that those are the people who are most at risk of blackmail. Remember too that an email addresses can be used to look people up on Facebook, which would make it easier for blackmailers to find potential victims.

Not revealed in the breach (so far) are credit card data, real names (although many are obvious from the email addresses) or passwords. Although I notice that some people were smart enough to sign up with a throwaway email address, if they have actually paid for anything then they would have had to supply real contact details somewhere.

The background story appears to be that a pissed-off affiliate who claims they were owed hundreds of thousands of dollars had a contact hack the database. It seems the hackers are demanding money else they will release the rest of the data.

Re:The data

[QuasiSteve]

While I agree with what you're trying to say here, I think GP actually meant that they could confirm that the IP address belongs to a range assigned to government institutions - i.e. it's not just people using their .gov e-mail address from home, but they're using it from what should be their public servant workplace - and not so much tying it to a specific individual.

Re:Nuts and %$@)

You must be young. Asterisks around a word indicate emphasis (bold or italic text), not quotation marks.

Re: Some visualization

[Dynamoo]

It goes something like this:
Male, male, male, male, male, male, male pretending to be female, male, male, OMG what's that.

Re:Lol

[ShanghaiBill]

I wonder why these dating sites charge so much per month for membership when they could just charge $1 and rake in the cash.

A higher fee is an effective filter. The "free" sites are garbage, with lots of phoney or dead profiles. I paid $99 for an annual membership to match.com, met several nice girls, married one of them, and I now have a wife, two kids and a dog. Compared to all the other expenses I have incurred, the $99 is negligible.