A hacker released the personal data of 3.5 million users of dating site Adult Friend Finder, including private information like sexual preferences and fetishes, a giant breach of one of the most-trafficked dating sites in the world. And there may be more hacks to come.
A lone hacker known as ROR[RG] uploaded fifteeen spreadsheets worth of passwords, birthdays, email addresses, and zip codes — along with the aforementioned sexual preferences and fetishes — of AdultFriendFinder users, allegedly because the site owed his friend money.
Though no credit card data is attached, the files have been viewed over 1700 times, and it is easy to identify some users through a quick Google search, according to Independent IT security consultant Bev Robb, who first reported the hack in a series of blog posts.
Infamous hacker Andrew “Weev” Auernheimer, who spent over three years in prison for exploiting an AT&T security flaw and leaking the data of 114,000 iPad users, claimed on Twitter that he would be using the hack to out certain individuals who used the site.
Thanks to @adultfriendfind‘s shit security, I now have a list of millions of people tagged by sexual preferences. Lulz will come of this.
— Andrew Auernheimer (@rabite) May 22, 2015
Auernheimer subsequently tweeted the names, locations, and occupations of select AdultFriendFinder users.
While the current data does not have credit card information, ROR[RG] has offered the information to the highest bidder.
In the screenshot, ROR[RG] asks for 70 bitcoin (worth a little under $17,000) for the full AdultFriendFinder dataset with credit card information included. He also offers to do an identical hack on any company’s databases for 750 bitcoin (around $180,000).
It’s another unfortunate reminder that despite assurances, personal information can never be 100% safe. As Pew Research survey data shows, most Americans are already aware of this.
A vast majority of those surveyed had no confidence or very little confidence that records of their activity would remain secure, with the lowest confidence scores coming for online-only businesses — online advertisers, social media sites, video sites, and search engines.
A separate Pew survey found that 93% of respondents said being in control of who can get information about them was important, while 90% said controlling what information was collected about them was important.
Americans say the safety of their personal information is important, yet are often obligated to provide personal information to companies they have little confidence will keep their information safe.