Internet hook-up destination, Adult Friend Finder, boasts more than 60 million members worldwide. Unfortunately, at least three million of them have had their accounts compromised after a Thai hacker sought revenge.
Word of Adult Friend Finder's problems first surfaced last month. An IT consultant and Darknet researcher, who prefers to be known as Teksquisite, discovered the files on a forum in April. Salted Hash, looking to confirm her findings, discovered the same posts and files in short order.
The hacker claiming responsibility for the breach says they’re from Thailand, and started boasting about being out of reach of U.S. law enforcement because of location alone. As for local law enforcement, they're confident they can bribe their way out of trouble, so they continued to post Adult Friend Finder records.
Using the handle ROR[RG], the hacker claims to have breached the adult website out of revenge, because a friend of theirs is owed money - $247,938.28. They later posted a $100,000 USD ransom demand to the forum in order to prevent further leaks.
In all, across 15 different CSV files, ROR[RG] posted 3,528,458 records. The files are database dumps with 27 fields in total; the most important being IP address, email, handle, country, state, zip code, language, sex, race, and birth date. Dates confirm that the data is at least 74-days old.
Armed with the compromised information, forum members started to download the files and use the information for spam campaigns. One member was rather expressive:
"Dude you are the ****, I am loading these up in the mailer now. I will send you some dough from what it makes. Thank you!!"
ROR[RG] didn't say if payment card data was part of the database they had compromised, however there was an immediate request for it on the forums. In the files that were published, payment data isn't present.
While one crook stated they were already using the data for spam runs, the other risks for Adult Friend Finder members (considering the details leaked) include Phishing and extortion schemes. Plenty of the people in that database are married, and it's likely their actions online are a dark secret.
"An example would be a politician that may have created an account using a fake name, but used a known email address for their login details, or a phone number that can be mapped back to their real identity, this is an example of how data like this can lead to further blackmail and/or extortion by a malicious actor seeking to profit from this type of information," said Tripwire's Ken Westin.
In a statement, Adult Friend Finder confirmed the incident, stating that they've hired FireEye to perform a full investigation. The company said they would make no further statements, presumably due to a gag order from their law firm (no pun intended).
"FriendFinder Networks Inc. has just been made aware of a potential data security issue and understands and fully appreciates the seriousness of the issue. We have already begun working closely with law enforcement and have launched a comprehensive investigation with the help of leading third-party forensics expert, Mandiant, a FireEye Company, the law firm of Holland & Knight, and a global public relations firm that specializes in cyber security.
"Until the investigation is completed, it will be difficult to determine with certainty the full scope of the incident, but we will continue to work vigilantly to address this potential issue and will provide updates as we learn more from our investigation. We cannot speculate further about this issue, but rest assured, we pledge to take the appropriate steps needed to protect our customers if they are affected."