Included in the exposed personal information are customers’ email addresses, usernames, passwords, birthdays and zip codes, in addition to their sexual preferences. No credit card data has yet been uncovered as part of the hack.
That data is incredibly revealing and potentially damaging.
Andrew Auernheimer, a controversial computer hacker who looked through the files, used Twitter to publicly identify Adult FriendFinder customers, including a Washington police academy commander, an FAA employee, a California state tax worker and a naval intelligence officer who supposedly tried to cheat on his wife.
Asked why he was doing this, Auernheimer said: “I went straight for government employees because they seem the easiest to shame.”
Millions of others remain unnamed for now, but anyone can open the files — which remain freely available online. That could allow anyone to extort Adult FriendFinder customers.
For instance, the security consultant Robb reported that one person whose information was hacked was a 62-year-old Hispanic male from New Jersey, who worked in advertising and has a preference for the “subporno” forum. That, combined with his username and other account details, gave Robb enough information to Google him, find his real name, and find his social media pages.
The information exposed can be particularly devastating to people living in small towns, where they are more easily identified. For example, one person exposed in the hack is a 40-year old welder from a small Illinois town of a few thousand people. He “will become anybody’s slave” and lied about his age on the site, claiming to be 29.
The breach was carried out by a hacker who goes by the moniker ROR[RG]. In an online hacker forum, he said he blackmailed Adult FriendFinder, telling the site he would expose the data online unless the company paid him $100,000.
On the forum, hackers immediately praised ROR[RG], saying they were planning on using the data to attack the victims.
“i am loading these up in the mailer now / i will send you some dough from what it makes / thank you!!” wrote a hacker who goes by “MAPS.”
FriendFinder Networks Inc., parent company of Adult FriendFinder and other adult sites and publications including Penthouse, said in a statement that it had just become aware of the breach, and it is working closely with law enforcement and cyberforensics company Mandiant, a FireEye() subsidiary.
The company said it doesn’t yet know the full scope of the breach, but it promised to “work vigilantly,” noting that FriendFinder Networks “fully appreciates the seriousness of the issue.”
“We cannot speculate further about this issue, but rest assured, we pledge to take the appropriate steps needed to protect our customers if they are affected,” the company said.