Data Breach of Adult Dating Site Exposes Victims to a Different Kind of Threat
Online adult dating site AdultFriendFinder recently reported that they've been breached, and have sought the help of law enforcement and security specialists to investigate the incident. According to the report, the information of close to 4 million of its subscribers have been leaked on a darknet forum, exposing emails, usernames, dates of birth, ZIP codes.
While data breaches have hit a number of different industries that include retail, medical, and educational sectors as well as government institutions, the sensitive nature of the data exposed in this breach presents a different type of risk for its subscribers.
[More: Articles on data breach incidents, prevention, and best practices]
AdultFriendFinder is, after all, different from your normal social media, online dating, or profile sharing platform, and saying that it's nothing like OkCupid—a service that promises "online dating and friendship"—is an understatement. AFF is pretty blunt about what it is and what it offers, with a site description that promises the potential to "Hookup, Find Sex, or Meet Someone New" for its subscribers.
In this incident, the users whose information may have been leaked won't just have to contend with the usual issues normally associated with a data breach (spam, hacked accounts, identity theft and exposed credit card info). The leaked information, which was listed in a number of spreadsheets, doesn't just include personally identifiable information; it also lists some of the users' more personal details, such as sexual preference, which users are open to having extramarital affairs, and which specific adult-oriented forums the user has been most active in.
Unfortunately for affected users, this incident isn't something that can be fixed with the cancellation of a credit card or a changed password. The details that have already been leaked amount to something more than just about protecting an account. It's about protecting private, personal details and a reputation. When personal details of this nature become public, this opens up the breach victims to blackmail and extortion—at the very least, they could expect situations that involve Internet shaming and awkward explanations.
It's not that much of a stretch to imagine how many people would be willing to pay to keep their online activities private (especially when it involves activities on an adult online platform such as FriendFinder). The shame factor would also make it more difficult to investigate extortion activities, since victims are more likely to prefer to pay for silence and sweep these details under the rug than report it to the authorities.
[Related: How cybercriminals use sexually explicit material]
The report also includes another revelation: the site may still be keeping user information even after users delete their accounts. This was according to a user who reportedly tried the service and deleted his account, but his name was still included in the leaked sheets. He also mentioned getting a lot of targeted spam emails ever since the leak. The influx of spam makes sense in this case, since the information found on the leaked lists are enough to profile and single out individuals not just for blackmail purposes, but for phishing campaigns baited with targeted social engineering tactics.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: TargetCompany
- Email Threat Landscape Report: Cybercriminal Tactics, Techniques That Organizations Need to Know
- Preventing an Imminent Ransomware Attack With Early Detection and Investigation
- Inside the Halls of a Cybercrime Business
- Securing Cloud-Native Environments with Zero Trust: Real-World Attack Cases