Adult Dating Site Hack Reveals Users' Sexual Preference, Extramarital Affairs

An anonymous reader notes this report from Channel 4 News that Adult FriendFinder, one of the largest dating sites in the world, has suffered a database breach that revealed personal information for 3.9 million of its users. The leaked data includes email addresses, IP addresses, birth dates, postal codes, sexual preferences, and information indicating which of them are seeking extramarital affairs. There even seems to be data from accounts that were supposedly deleted. Channel 4 saw evidence that there were plans for a spam campaign against these users, and others are worried that a blackmail campaign will follow. "Where you've got names, dates of birth, ZIP codes, then that provides an opportunity to actually target specific individuals whether they be in government or healthcare for example, so you can profile that person and send more targeted blackmail-type emails," said cybercrime specialist Charlie McMurdy.

oh no

[turkeydance]

sorry, gotta go.

Not really

The leaked data includes email addresses, IP addresses, birth dates, postal codes, sexual preferences...

Given that their list of choices for sexual preferences doesn't include tentacle-on-pregnant furry futanari, I think I'm pretty safe.

NO! Not my IP address!!!

After the last big hack I had to give up my old IP address, 192.168.0.1, which I had used for years. What a pain!

Hopefully

Hopefully some of the users that will be approached will not be good candidates for blackmailing; because they already got out of the relationship they were trying to cheat on or have already come out of the closet with whatever sexual kink they have.

Hopefully those users will contact police when they receive blackmail attempts and will aid in netting whoever is behind this

Nuts and %$@)

[tehlinux]

Oh no, now everyone will know I'm a white male age 18 to 49!

Re:Nuts and %$@)

[Githyanki]

You realize that putting quotes around it usually indicates that there is a nudge and wink going on at the same time. Reminds me of the joke: Guy sits and drinks at the bar till closing. Bartender tells him "Hey buddy, time to go, your the last one here." Guy pulls a gun on the bartender and forces him to give him a blow job. Partway through, the guy looses concentration and the gun slips down. Bartender picks it up and hands it back to the guy. "Dont want anyone to come in and catch me doing this and think I'm gay!!"

Re:Nuts and %$@)

You must be young. Asterisks around a word indicate emphasis (bold or italic text), not quotation marks.

Re:Nuts and %$@)

[OhSoLaMeow]

That reminds me of a joke. Guy goes into a bar and orders a scotch. He downs that quickly and goes through three more in the same fashion. The bartender asks him if he's celebrating anything. The guy says "Yeah, just had my first blowjob." Bartender says "Congratulations! Here's another one, on the house." The guy says "No thanks. If four scotches won't get the taste out of my mouth, another one isn't going to help."

The data

[Dynamoo]

The data is a apparently a subset of 60 million records that the hackers are threatening to release.

I've had a look at the data, there are very many easily identifiable people, for some of those there is date-of-birth data, ZIP code, "preferences", details of any money spent etc. There are a few people using their .gov email addresses for this, some of those can be verified by the IP address, some other email addresses belonging to other corporations. I would suspect that those are the people who are most at risk of blackmail. Remember too that an email addresses can be used to look people up on Facebook, which would make it easier for blackmailers to find potential victims.

Not revealed in the breach (so far) are credit card data, real names (although many are obvious from the email addresses) or passwords. Although I notice that some people were smart enough to sign up with a throwaway email address, if they have actually paid for anything then they would have had to supply real contact details somewhere.

The background story appears to be that a pissed-off affiliate who claims they were owed hundreds of thousands of dollars had a contact hack the database. It seems the hackers are demanding money else they will release the rest of the data.

Re:useful

[gstoddart]

And, of course, let's not stop there ... let's move to the managers, executives, and sales/marketing assholes who force this shit out the door.

The poor bastard of a programmer who has been told by the VP or the CEO (or the sales wanker) that the product must ship now, or that security doesn't matter is not always the cause of this. Sometimes they're the ones saying "umm, guys, this could be a problem".

So, if we're assigning blame, let's go with the people who are actually to blame and who make the decisions.

In the military, "just following orders" may not be a defense. But in private industry it's often the management who create these problems.

Which is precisely why I say that corporations should be held to a legal standard for the protection of personal information, and should carry penalties for failure to do so.

As long as corporations just say "oh, bummer dude" and have no penalties, they'll continue to cut as many corners as possible. Because there simply is no consequence for them.

I'm as concerned about the management people who don't give a damn. Because they're the ones who make policy and decide that not sucking at security is too costly.

So, want a secure internet? Kick an MBA or a CEO in the nuts, and tell them you'll keep doing it until they insist on secure code.

OPSEC

[lophophore]

my god, people, if you are going to use a site like that, don't use your real name, work email address, etc.

consider that *everything* is going to get compromised -- if it is not already. use some common sense.

Re:Lol

[ShanghaiBill]

If you're gonna cheat, why do it on the Internet? People who continue to trust the anonymity of the web boggle my mind.

The physical world doesn't offer much anonymity either. At least the Internet offers more choices. Just don't use your real name, or primary email address, and you'll be fine.

Oh, shit.

[happily_married]

This is horrible.

Meh

I think I had an account but like all adult sites I sign up for I used a throwaway email, lie about my age and location, and only show my dick and balls in photos.

And no will recognize the dick and balls as I'm a virgin in my 30s.

Re:This is why adultery is wrong

[O('_')O_Bush]

Either that or be open about it. It is hard to blackmail someone over something that is public knowledge.

Re:This is why adultery is wrong

[disposable60]

Exactly. Be French about it.

Re:useful

[Krojack]

Joking aside, the managers, executives, and sales/marketing assholes should be strung up for telling people your data was deleted when in fact it wasn't.

Re:Lol

[ShanghaiBill]

I wonder why these dating sites charge so much per month for membership when they could just charge $1 and rake in the cash.

A higher fee is an effective filter. The "free" sites are garbage, with lots of phoney or dead profiles. I paid $99 for an annual membership to match.com, met several nice girls, married one of them, and I now have a wife, two kids and a dog. Compared to all the other expenses I have incurred, the $99 is negligible.

I felt a tremor in the force

[DoofusOfDeath]

As though millions of divorce lawyers just orgasmed at once.

Re:Lol

[zlives]

you forgot to add the recurring charges ;) in your equation