Leaked database of Adult Friend Finder still online

Adult Friend Finder was breached more than two months ago, according to a dark Web forum

Adult Friend Finder may have been breached as long as two months ago, and the sensitive files are still online.

Adult Friend Finder may have been breached as long as two months ago, and the sensitive files are still online.

Adult Friend Finder, one of the largest online dating sites, may have been breached more than two months ago, and the sensitive files -- include names, ages, email addresses, zip codes and more -- are apparently still online.

British broadcaster Channel 4 reported Thursday that the website had been breached, although information regarding the breach had been trickling out in a low-key way for some time.

FriendFinder Networks, a California-based company that owns Adult Friend Finder and other dating websites, said in an advisory that it has contacted law enforcement and is investigating.

The company claimed it had "just been made aware of a potential data security issue and understands and fully appreciates the seriousness of the issue."

"Until the investigation is completed, it will be difficult to determine with certainty the full scope of the incident, but we will continue to work vigilantly to address this potential issue and will provide updates," the company said.

Adult Friend Finder, which was founded in 1996, has more than 40 million members, according to its website. FriendFinder Networks says it has more than 600 million registered users across some 40,000 websites in its network.

The breach could be especially sensitive since Adult Friend Finder specializes in more risque types of meetings. The sales pitch on its landing page reads: "Looking for sex? Hoping to meet someone special for a hot, sexual relationship or even just a quick fling?"

The leaked records, contained in 15 Excel spreadsheets, are still online in an underground forum. The forum is a so-called "hidden" website hosted on the Tor network, which helps masks the site's true IP address. The site can only be reached using the Tor Web browser.

The files contain hundreds of thousands of email addresses purportedly of Adult Friend Finders users. Some of the Excel files also contained detailed information about members, including their age, sex, state, zip code, username and IP address.

Some of the Excel files have a column for "paymenttype" although the fields are mostly blank. Efforts to reach FriendFinder Networks to verify the files were not successful.

Bev Robb, who does malware and dark Web research, came across the Adult Friend Finder files in March. She said she held off on publicizing the information for a few weeks before contacting two security experts.

"I really didn't know what to do with the data," she said. "I assumed it was some type of extortion."

She eventually wrote a blog post on April 13, which didn't name Adult Friend Finder but identified the online nickname of the person who leaked the files, whose goes by ROR[RG].

Before posting links to the files, ROR[RG] wrote a message directed at Adult Friend Finder saying "this is for owing my guy $247,938.28." He wrote in another post: "I am in Thailand. It is a pervo website. They owe my guy money."

The administrator of the underground forum wrote on Friday that it "only took 74 days to confirm the breach," linking to a story on the BBC.

FriendFinder Networks wrote that it had hired FireEye's forensics unit, Mandiant, to investigate along with Holland and Knight, a law firm, and a public relations company specializing in cybersecurity.

"We cannot speculate further about this issue, but rest assured, we pledge to take the appropriate steps needed to protect our customers if they are affected," it said. The company could not be reached for further comment.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Join the CSO newsletter!

Error: Please check your email address.

Tags securitydata breachFriendFinder Networks

More about ExcelFireEye

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jeremy Kirk

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place