Dating Website Breach Spills Secrets

Darknet Dump Offers 3.9 Million Users' Personal Details
One of the world's largest dating websites, AdultFriendFinder, is warning current and former users that their personal information may have been compromised by hackers. Nearly 4 million people are reportedly affected by the data breach.

The site's parent company, Sunnyvale, Calif.-based FriendFinder Networks - which says its network encompasses more than 40,000 sites and includes more than 600 million users - has confirmed that it's investigating the breach report. It is working with law enforcement agencies and has brought in third-party digital forensics investigators from FireEye's Mandiant.

"FriendFinder Networks Inc. has just been made aware of a potential data security issue and understands and fully appreciates the seriousness of the issue," the company says in a May 21 statement. But to date, the company has declined to offer any further details, such as how many different users or regions might have been affected, and whether the breach extends beyond AdultFriendFinder - which claims to have 63 million users worldwide - or when the breach may have begun.

"Until the investigation is completed, it will be difficult to determine with certainty the full scope of the incident, but we will continue to work vigilantly to address this potential issue and will provide updates as we learn more from our investigation," FriendFinder Networks says. "We cannot speculate further about this issue, but rest assured, we pledge to take the appropriate steps needed to protect our customers if they are affected."

The apparent breach was first uncovered - and reported - by U.K. news agency Channel 4, which says it found 15 spreadsheets containing information on 3.9 million AdultFriendFinder users during an investigation into the types of information sold on underground, so-called darknet or "dark Web" sites, which typically refers to "Onion" sites that can only be reached by using the Tor anonymizing browser.

AdultFriendFinder bills itself as a "thriving sex community," and stores related types of personal data, Channel 4 reports. Information that it recovered - which had been posted on an underground forum by a hacker nicknamed "ROR[RG]" - reportedly includes details of whether users are gay or straight and whether they're seeking extramarital affairs, as well as their age, email addresses, usernames, mailing addresses and IP addresses.

Leaked Data Now Circulating

Security expert Troy Hunt, who maintains "Have I Been Pwned?" - a free website that alerts subscribers when their personal information appears in data dumps - reports that the information allegedly leaked from AdultFriendFinder is now in public circulation, and that it includes current and previous users' emails, sexual orientation, age, gender and race, among other information.

Spam, Extortion Warnings

Security experts say some of the site's married users may find this information leak inconvenient - to say the least - and have warned all of the site's current and former users to beware of related spam campaigns and blackmail attempts. "I've always thought adult dating sites would be a perfect target for criminals to breach and use details for extortion," says information security consultant and Europol cybercrime adviser Brian Honan via Twitter.

"Divorce lawyers are celebrating this news," technology and public policy attorney Elizabeth Wharton, at Hall Booth Smith, says via Twitter.

Channel 4 reports that some of the leaked email addresses tie to U.K. government officials and armed services personnel.

About the Author

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.
