New Reports Detail Data Exposed in AdultFriendFInder Hack

CYBERSPACE—News of a hacker attack on AdultFriendFinder.com continues to ricochet around the media. Yesterday the British television broadcaster Channel 4 reported on the security breach at the site, one of the world’s biggest internet dating networks. According to the report, "the hackers have revealed email addresses, usernames, dates of birth, postal codes and unique internet addresses of users' computers.”

Channel 4 News came across the hack while investigating how hackers trade in personal information of millions of people through "dark web" sites.

PC World reported on the story today, noting that the site may have been breached more than two months ago and the sensitive information is apparently still online.

According to PC World, “The leaked records, contained in 15 Excel spreadsheets, are still online in an underground forum. The forum is a so-called ‘hidden’ website hosted on the Tor network, which helps masks the site’s true IP address.”

PC World also included a link to an April 13 blog post by Bev Robb, a researcher on malware and the dark web who discovered the Adult Friend Finder Files.

Robb wrote in her post, "During one of my excursions to the Deepweb (on the Darknet), I discovered a treasure trove of hacked data that appears to be from an adult social networking site. This particular adult site is one of the most heavily-trafficked websites in the world, boasting an Alexa U.S. page rank slightly above 747.”

Though Robb didn’t ID the site at that point, the post offers many details about the hack.

Gawker.com reprinted several online message board postings from a hacker using the handle ROR[RG] who claims responsibility for the breach, including "i am in thailand," "they owe my guy money," "had it coming clause" and "pay up or be fucked."

Friend Finder Networks, the parent company of AdultFriendFinder.com, issued the following advisory today:

“As an update, as has been reported, FriendFinder Networks Inc. recently became aware of a potential data security incident. The security of our members’ information remains our top priority and, upon learning of this incident, we took immediate action including:

“Launching an internal investigation to review and expand existing security protocols and processes

“Taking steps to protect our members such as temporarily disabling the username search function and masking usernames of any users we believe were affected by the security issue.

“This means that our members will still be able to log-in using their username and password but the search function will be disabled in an effort to protect members privacy. We are also in the process of communicating directly to members on how to update their usernames and passwords

“Working closely with Mandiant, a leading third-party forensics expert, to investigate the incident, review network security and remediate our system

“Notifying law enforcement, including the FBI, and coordinating with their investigation into this attack
It is important to note that, at this time, there is no evidence that any financial information or passwords were compromised.

“As is common with similar cyber-attack events, until the investigation is completed, it will be difficult to confirm the full scope of the incident, but we will continue to work vigilantly to address this potential issue and will provide updates on this site as we learn more from our investigation. Protecting our members’ information is our top priority and we will continue to take the appropriate steps needed to protect our members and their information.”