Slashdot Mirror
Adult Dating Site Hack Reveals Users' Sexual Preference, Extramarital Affairs
An anonymous reader notes this report from Channel 4 News that Adult FriendFinder, one of the largest dating sites in the world, has suffered a database breach that revealed personal information for 3.9 million of its users. The leaked data includes email addresses, IP addresses, birth dates, postal codes, sexual preferences, and information indicating which of them are seeking extramarital affairs. There even seems to be data from accounts that were supposedly deleted. Channel 4 saw evidence that there were plans for a spam campaign against these users, and others are worried that a blackmail campaign will follow. "Where you've got names, dates of birth, ZIP codes, then that provides an opportunity to actually target specific individuals whether they be in government or healthcare for example, so you can profile that person and send more targeted blackmail-type emails," said cybercrime specialist Charlie McMurdy.
sorry, gotta go.
Given that their list of choices for sexual preferences doesn't include tentacle-on-pregnant furry futanari, I think I'm pretty safe.
You could encrypt all the data in the database, but that would only protect you from somebody able to access the database but not any of the decryption code (somewhat unlikely).
Assuming full access to the database and code, is there any way to protect against being able to link identification with the rest of the personal information.
I can only come up with the obvious client-side encryption, but will the network as a whole still be able to use the data as it's supposed to (in this case; find adult friends)?
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
After the last big hack I had to give up my old IP address, 192.168.0.1, which I had used for years. What a pain!
Hopefully some of the users that will be approached will not be good candidates for blackmailing; because they already got out of the relationship they were trying to cheat on or have already come out of the closet with whatever sexual kink they have.
Hopefully those users will contact police when they receive blackmail attempts and will aid in netting whoever is behind this
Our government is out of control anyway, anything that allows blackmail, removal from office, misery in their lives. etc is a good thing
While we're at it let's extend it to programmers, DBAs, sys admins an designers who cause us so much misery because they are too stupid or lazy to build secure systems.
I'm a consultant - I convert gibberish into cash-flow.
Oh no, now everyone will know I'm a white male age 18 to 49!
Most linux users don't know this, but the man pages were named after Chuck Norris. Chuck Norris fsck'ing hates noobs!
I've had a look at the data, there are very many easily identifiable people, for some of those there is date-of-birth data, ZIP code, "preferences", details of any money spent etc. There are a few people using their .gov email addresses for this, some of those can be verified by the IP address, some other email addresses belonging to other corporations. I would suspect that those are the people who are most at risk of blackmail. Remember too that an email addresses can be used to look people up on Facebook, which would make it easier for blackmailers to find potential victims.
Not revealed in the breach (so far) are credit card data, real names (although many are obvious from the email addresses) or passwords. Although I notice that some people were smart enough to sign up with a throwaway email address, if they have actually paid for anything then they would have had to supply real contact details somewhere.
The background story appears to be that a pissed-off affiliate who claims they were owed hundreds of thousands of dollars had a contact hack the database. It seems the hackers are demanding money else they will release the rest of the data.
Never email donotemail@WeAreSpammers.com
Suddenly many ministers are all going to 3 week long camps to be cured.
And, of course, let's not stop there ... let's move to the managers, executives, and sales/marketing assholes who force this shit out the door.
The poor bastard of a programmer who has been told by the VP or the CEO (or the sales wanker) that the product must ship now, or that security doesn't matter is not always the cause of this. Sometimes they're the ones saying "umm, guys, this could be a problem".
So, if we're assigning blame, let's go with the people who are actually to blame and who make the decisions.
In the military, "just following orders" may not be a defense. But in private industry it's often the management who create these problems.
Which is precisely why I say that corporations should be held to a legal standard for the protection of personal information, and should carry penalties for failure to do so.
As long as corporations just say "oh, bummer dude" and have no penalties, they'll continue to cut as many corners as possible. Because there simply is no consequence for them.
I'm as concerned about the management people who don't give a damn. Because they're the ones who make policy and decide that not sucking at security is too costly.
So, want a secure internet? Kick an MBA or a CEO in the nuts, and tell them you'll keep doing it until they insist on secure code.
Lost at C:>. Found at C.
How did they ever filter out all the fake accounts? Hot horny locals, my ass.
You're confused, no one cares what they do in their spare time. In fact, the ones I've worked with that use the services of whores like to talk about it.
How about some neat diagrams visualizing these data? Like relations between age, gender, residence, preferences, etc...
You can't send SPAM to an email that doesn't exist. Close the email account associated with the compromised account. Problem solved.
Dating site of F^@( Buddy site.
I'm sure the information release was trivial and... oh my God. I didn't realize she still had those photos.
my god, people, if you are going to use a site like that, don't use your real name, work email address, etc.
consider that *everything* is going to get compromised -- if it is not already. use some common sense.
there are 3 kinds of people:
* those who can count
* those who can't
If you're gonna cheat, why do it on the Internet? People who continue to trust the anonymity of the web boggle my mind.
The physical world doesn't offer much anonymity either. At least the Internet offers more choices. Just don't use your real name, or primary email address, and you'll be fine.
I have zero sympathy for Anonymous Cowards. I think that if people have something that they really need to say on /. that they should use their normal account. Who cares if they lose mod points. The people like you posting using AC accounts should be outed!
Democracy is a sheep and two wolves deciding what to have for lunch. Freedom is a well armed sheep contesting the issue
This is horrible.
I think I had an account but like all adult sites I sign up for I used a throwaway email, lie about my age and location, and only show my dick and balls in photos.
And no will recognize the dick and balls as I'm a virgin in my 30s.
Nice porn collection!
How many Republicans? :-)
Probably around 49%. Add in 49% Democrat, and 2% other.
Or were you trying to make a hyuckhyuck statement?
Thanks. ;)
exactly, I wonder who was dumb enough to create a profile saying "Dave Brown of 22 Acacia Avenue AB1 3CD, wants to meet nice ladyboy for extramartial affair"? It'll be "single male, BigBrownie, of 1 nowhere place, wants to meet nice ladyboy"
And as for the spam emails, I have a couple I use for all kinds of dodgy sites (eg slashdot) and I get loads of spam anyway.
Still... .9 million users... that's a lot of people! I wonder why these dating sites charge so much per month for membership when they could just charge $1 and rake in the cash. Stack 'em high 'cos extramarital affairs are never going to go out of fashion - the only problem is ending up meeting your blind date and finding it's your wife!!
Either that or be open about it. It is hard to blackmail someone over something that is public knowledge.
while(1) attack(People.Sandy);
...and information indicating which of them are seeking extramarital affairs
Good. Fuck em. Let's see some good old fashioned public shaming. Cheating fucks.
In the Ars story about this they pointed out a website that tracks beaches that I hadn't heard of before: ';--have i been pwned?
I plugged my email addresses into this and found out that I had been a part of the Adobe breach fro October 2013. And I don't remember Adobe telling me about it
I am Slashdot. Are you Slashdot as well?
Exactly. Be French about it.
You're looking for quotes? See my journal.
Joking aside, the managers, executives, and sales/marketing assholes should be strung up for telling people your data was deleted when in fact it wasn't.
I have zero sympathy for Anonymous Cowards. I think that if people have something that they really need to say on /. that they should use their normal account. Who cares if they lose mod points. The people like you posting using AC accounts should be outed!
That the AC was certainly extreme, I don't think anybody deserves to be blackmailed. He did have a point though, if you are cheating on your wife/husband you won't get much sympathy from me if you get found out and there is plenty of people who agree with me. The world is full of people who claim they are saving/improving their marriages/relationships and doing their spouse some sort of favour by cheating behind their backs instead of drumming up the courage to talk to their spouse and working out their relationship problems honestly. These individuals are all delusional and they all deserve to be found out because they are making their spouse's unknowingly waste their lives on a deceitful and untrustworthy excuse for a human being.
As the protection of our customers is our utmost concern and in abundance of caution we have temporarily disabled the username search function and have begun to mask usernames of any users we believe were affected by the security issue. Users will still be able to log-in using their username and password but the username search functionality will be disabled until further notice. We are also creating a streamlined and easy process for users to change their usernames and passwords that will be live this weekend.
If you have any questions or concerns, please do not hesitate to contact customer service. For further information please visit http://www.ffn.com/security-up...
-------
FriendFinder Networks Inc. has just been made aware of a potential data security issue and understands and fully appreciates the seriousness of the issue. We have already begun working closely with law enforcement and have launched a comprehensive investigation with the help of leading third-party forensics expert, Mandiant, a FireEye Company.
Until the investigation is completed, it will be difficult to determine with certainty the full scope of the incident, but we will continue to work vigilantly to address this potential issue and will provide updates as we learn more from our investigation.
We cannot speculate further about this issue, but rest assured, we pledge to take the appropriate steps needed to protect our customers if they are affected.
I made such an effort to conceal my sexual orientation!
I'll see your senator, and I'll raise you two judges.
I wonder why these dating sites charge so much per month for membership when they could just charge $1 and rake in the cash.
A higher fee is an effective filter. The "free" sites are garbage, with lots of phoney or dead profiles. I paid $99 for an annual membership to match.com, met several nice girls, married one of them, and I now have a wife, two kids and a dog. Compared to all the other expenses I have incurred, the $99 is negligible.
Your never going too get you're weigh on this. Their are just two many people out they're using there words wrong too get to upset. Sew don't loose you're cool about it. You can sea mini common examples that exist of incorrect usage. People pick the write words two use according too there porpoises. But you'd have two be a fool to begin or end a sentence with the word "but". And only an idiot would begin or end a sentence with "and". And a preposition is a very bad word too end a sentence with.
I'll see your senator, and I'll raise you two judges.
GayWAD was right, if yo've used Slashdot beta to find a sex partner, you now have no problems.
Actually, if you have managed to find a sex partner using Slashdot beta all you will have achieved is finding another person who needs to read several Wikipedia articles and closely study the diagrams before they can successfully have sex with another human being since both of your previous sexual experience will have been limited to a computer monitor and one or both of the prehensile, multi-fingered extremities attached to the upper limbs of your body.
Sites like AFF require payment. Unless you have a credit card setup under a fake identity, you're going to have to provide real data to use the site.
What my parents told me growing up comes to mind:
http://biblehub.com/numbers/32... - "...you may be sure that your sin will find you out."
At least anyone with fear of finally being exposed as dishonest has a warning sign to make amends with their partner.
No one can fault you for the truth, although there may be consequences for the truth.
How many Republicans? :-)
Probably around 49%. Add in 49% Democrat, and 2% other.
Or were you trying to make a hyuckhyuck statement?
I suspect the implication was that Republicans, especially with Bible-thumping ones, tend to be hypocrites.
I don't want to get drawn into the political aspect, but my experience has been that in general the louder the 'Christian' the worse the person. [Quiet Christians tend to be nicer.]
And that she likes pina coladas
I paid $99 for an annual membership to match.com, met several nice girls, married one of them, and I now have a wife, two kids and a dog.
What kind of weird ass genetics do you have that you + wife = kid + kid + dog?!?!?
That could happen if you both enjoy Piña Coladas and getting caught in the rain.
Where does the school board find them and why do they keep sending them to ME?
And if I do it, it opens me up to getting my throat slit in my sleep.
You are welcome on my lawn.
All along I just figured it was a scam harvesting money from lonely guys. People actually used it for dating??? There were actually women on it???
Sites like AFF require payment. Unless you have a credit card setup under a fake identity, you're going to have to provide real data to use the site.
You can use Paypal instead of a credit card. But even if you use a CC, few sites require that the profile name/address and CC billing information match. This is especially true if their marginal cost is $0, as it is for dating sites.
Agreed. A while ago there was a big stink kicked up locally because a government official's mistress was about to fly in but his wife found out and was going to catch her, so he called the customs officials and had the mistress held at the airport and then deported to keep his affair under wraps (or at least keep the wife and mistress from meeting). The mistress had no idea why she was being held at the time. Officially it just looks like she was held and deported for no good reason at best - or profiling at worst.
Of course in a small community, it's not in the news even though everybody knows it, on paper it's "see no evil, hear no evil, speak no evil."
"When information is power, privacy is freedom" - Jah-Wren Ryel
As though millions of divorce lawyers just orgasmed at once.
you forgot to add the recurring charges ;) in your equation
is "yes, please"
All computers are vulnerable. The most secure systems in the world can be hacked. This one might have been insecure, but that isn't demonstrated just because it got hacked.
... Let's all just go read all of the data for anyone we know, right now. Then there will be no potential for blackmail.
But I honestly never realized that it's a site people go to on purpose. I mentally categorized it alongside any sort of "Click here and we'll install adware for you!" ads. Has anyone here had success using this service? Is it "cragslist-y"? I don't intend to start using it, just curious.
Also implicit is that the only real sin is hypocrisy. Its okay to live an immoral lifestyle; but how dare you hold up morality and yet fall short. So its okay to be a Bill Clinton and dip into the intern pool, but don't be a Larry Craig and be for morality and tap your foot in the bathroom.
What joking? I wasn't joking.
I totally think delivering ass-whoopings to MBAs and CEOs for corporate malfeasance would solve a lot of problems.
Because it would be better than this "non est mea culpa" shit we have now where CEOs issue some drivel apology and have no consequences.
I'm not joking at all.
Lost at C:>. Found at C.
and a dog
So you couldn't have gotten a dog without match.com?
Either that or be open about it. It is hard to blackmail someone over something that is public knowledge.
Huh. Apparently, you're right. You can be a 50-something politician and have an affair with the 17-year-old daughter of one of your law clients, get a plea deal to misdemeanors instead of a felony, and it's okay as long as you come out with it a couple of years later, present your new baby, and talk about your ambitions to be a leader in the state senate. Truth is stranger than fiction.
"Somebody has to do something. It's just incredibly pathetic it has to be us."
--- Jerry Garcia
Are those public ass-whoopings, like getting spanked with a paddle in the town square?
How about about a nice bonus for those in charge for firing those horrrible cost centers who provide no value and caused the leak. So smart. Not all scarce talent can be so gifted.
http://saveie6.com/
caning and flogging them would be ok.
the good ground has been paved over by suicidal maniacs
Direclty from the article:
The front page of Adult FriendFinder, which is based in California, features photos of dozens of attractive young women. Yet the hacked data, contained in 15 spreadsheets, reveals how few females appear to use Adult FriendFinder.
Among the 26,939 users with a UK email address, for example, there are just 1,596 who identified as female: a ratio of one woman to every 16 men.
This right there is why when I was single I gave on regular dating sites and completely avoided the adult dating sites. Much easier to meet people in person and significantly less competition.
Not to mention the unrealistic expectations of not just a woman, but a woman that has 10k guys sending her emails. The poor girls end up randomly clicking emails because most of them are the same anyway and there are way to many of them. Good luck.
Sure. Of course, you're going to prove that it was a management directive, and not just plain old IT incompetence or malice that led to "deleted" profiles being left around in the system, right?
If the IT guys are partly to blame, they should be lined up right alongside their managers for those whippings. And I'm pretty sure that you'll find more often than not that the IT guys are just as clueless and incompetent as their clueless and incompetent bosses.
Irrelevant.
Obviously, if it was a management directive, it's management's fault. However, if the lack of security is due to ignorance/incompetence on the part of IT, it's still management's fault, as it's their job to hire and/or train IT for security (and fire if necessary).
Internally, management is free to assign blame and take action against IT, be it through improvement plants, pink slips, or (in the case of malice) lawsuits. But make no mistake - management holds final responsibility - that's part of being in leadership.
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
you forgot to add the recurring charges
He mentioned the wife and kids, and then stated the $99 is negligible in comparison. What did he forget?
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
remember the politician not wanting to be caught in bed with either dead 17 year old girl or live 17 year old boy
Those that would blackmail cheaters of course should be treated as criminals as their motives are greed. However, if they happened to put that information all over the Internet I would applaud it. Cheating on a spouse isn't a crime but as close as you can get to one without actually being one. The emotional suffering, that can last for years, that unethical knuckleheads cause their spouses hurts their own children as well. People that are married and cheat not only deserve to be exposed but it's a moral imperative that they are exposed. .
Me too, but with 127.0.0.1! D:
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).