Adult dating website hacker exposes millions of users' secrets

The hacker revealed sensitive information of some profiles, and others have since been identifying some of the users on the Internet.
By Doug G. Ware   |   May 23, 2015 at 6:28 PM
share with facebook
share with twitter

WASHINGTON, May 23 (UPI) -- People who have used the casual dating site Adult FriendFinder may have some damage control to do, after a hacker broke into the site and spilled the beans on millions of profiles there.

The site, which claims 64 million members, enables people to outline their sexual fantasies and preferences and then tries to match them with profiles with similar interests. Each user's profile contains personal information, such as email addresses and ZIP codes.

Britain's Channel 4 reported the hack on Thursday, and said the information on nearly 4 million profiles have been compromised.

One hacker, Andrew Auernheimer, said he perused some of the personal information on scores of profiles -- and even disclosed the names of some users via Twitter. Some of those identified include a Washington police academy commander, an FAA employee, a California state tax worker and a naval intelligence officer who supposedly tried to cheat on his wife, CNN Money reported.

"I went straight for government employees because they seem the easiest to shame," Auernheimer said.

Some of the profile information indicated that some users are government employees, and used their government-supplied email address to register -- which is against the policies of some agencies.

"Need more coffee before I call up this cop and ask him why his government email address is linked to his AdultFriendFinder account," someone named Andrew Blake tweeted Thursday.

"I am loading these up in the mailer now / I will send you some dough from what it makes / thank you!!" wrote one hacker who goes by the handle MAPS.

While several users have been identified, the same cannot be said of the hacker -- who goes by the online moniker ROR[RG]. In one hacker forum, he said he blackmailed Adult FriendFinder by threatening to expose the data online unless the company paid him $100,000.

While the vast majority of FriendFinder users have not yet been specifically identified, all of the profile information can be viewed online by anyone.

Computer security experts say it would be easy to view the profile information and, with a little detective work, find out who it belongs to. IT security consultant Bev Robb reported the hack last month on her blog, and said she has been able to match the sensitive information to the identities of users, and find their social media accounts.

Privacy advocates are concerned that the availability of information could be used for sinister purposes, such as blackmail.

For example, one person exposed is a 40-year old welder from a small Illinois town. He "will become anybody's slave" and lied about his age on the site, claiming to be 29, the CNN report said.

Adult FriendFinder's parent company said it is aware of the breach and is working with law enforcement authorities, including the FBI, and a cyberforensics firm.

"We cannot speculate further about this issue, but rest assured, we pledge to take the appropriate steps needed to protect our customers if they are affected," the company said.

The site said it has launched an "internal investigation to review and expand existing security protocols and processes" and disabled the "username search function and [are] masking usernames of any users we believe were affected by the security issue."

Adult FriendFinder said no passwords or financial information had been compromised by the breach.

Related UPI Stories
Trending Stories