3.9 Million Accounts of Adult Dating Website Exposed
Adult dating website, AdultFriendFinder.com, was recently compromised by hackers and data of about 3.9 million users have been affected by the breach. Information exposed in this massive cyberattack include email addresses, usernames and passwords, birthdays, sexual preferences and other sensitive information that is all too revealing. Some hackers who have access to these details have used the data to expose these AFF users and shame them online.
“I’m not so surprised about the hack.”, IT Security Researcher, Andrea Tarquini, said. “Generally, very personal information about a person (such as sexual preferences) are the main target for hackers who want to shame someone. Hacking portals such as AFF is an easy way to find a lot of personal information from all kinds of people including government and other famous profiles.
Adult FriendFinder Accounts Data Breach
A report from CNN Money states that the cyberbreach was performed by a person with the nickname ROR[RG] and posted a thread in a black market forum.
“In an online hacker forum, he (ROR[RG) said he blackmailed Adult FriendFinder, telling the site he would expose the data online unless the company paid him $100,000… hackers immediately praised ROR[RG], saying they were planning on using the data to attack the victims.” – CNN Report
FriendFinder Networks Inc., which owns AFF, have launched an investigation and have taken actions to remediate their system. They also added that there are no credit card information involved in the leak.
“…our members will still be able to log-in using their username and password but the search function will be disabled in an effort to protect members privacy. We are also in the process of communicating directly to members on how to update their usernames and passwords.” – Friend Finder Network Statement
AdultFriendFinder has over 64 million members.
Message to Users and Companies
Andrea shares some more tips to regular Internet users and companies handling customer data:
- To Internet users, Be VERY careful with the information you upload online. In a general sense, if you don’t want your details to be exposed at any point, better not share it online; especially on portals such as adult dates.
- As for companies, don’t wait for a breach to occur before you act on securing your system. Contact a security consultant to better understand and set up countermeasures to protect customer data and avoid common hacker attacks such as impersonation. Also, make sure to test the security of the entire IT system (website, etc.) by hiring services of penetration testers.
Web Application Penetration Testing Courses
Want to become a Web App Pentester? Learn to find bugs in web applications and defend them from cyber attacks. Here are training courses to develop and reinforce security in web apps:
- – Web Application Penetration Testing – WAPT
- – Web Application Penetration Testing eXtreme – WAPTX
- – Practical Web Defense – PWD
Andrea Tarquini is an IT Security researcher and software analyst/developer at eLearnSecurity. He is the main developer of JustCryptIt and IzzieCloud. He is also the author of ‘Ruby for Penetration testing and Metasploit’ section of Penetration Testing Course Professional.