Criminals have boasted online they plan to blackmail millions of Americans and other users of the adult dating site, AdultFriendFinder, after user details were stolen and placed online by a criminal hacker.
A hacker with the alias ROR[RG] carried out the hack that compromised the kinky details of the sexual preferences of some 3.5 million AdultFriendFinder users. The dating site claims 64 million members worldwide.
Anyone can open the stolen files that are freely available online.
ROR[RG] said he blackmailed AdultFriendFinder following the hack, telling the site he'd expose the data online unless the company paid him $100,000. There is no word if Adult FriendFinder paid the amount but ROR[RG] placed the sensitive user details online, leading criminals to praise ROR[RG] for opening the door to a windfall worth millions of dollars.
In an online forum, criminal hackers praised ROR[RG], saying they were going to use the data to attack AdultFriendFinder users, said CNN.
"i am loading these up in the mailer now / i will send you some dough from what it makes / thank you!!" boasted a hacker who goes by the monikler "MAPS."
The hack, which took place last March but which AdultFriendFinder only recently admitted to, exposed user details such as gender, which gender they're interested in hooking-up with, what kind of sexual situations they desire, users' email addresses, usernames, passwords, birthdays and zip codes.
No credit card data is known to have been stolen -- at least not for now.
Cybersecurity experts described the break-in as potentially damaging.
CNN reported that Andrew Auernheimer, a controversial computer hacker, examined the files and used Twitter to publicly identify AdultFriendFinder customers. Simply by using Twitter, Auernheimer uncovered a Washington police academy commander, an FAA employee and a naval intelligence officer who supposedly tried to cheat on his wife, among others.
"I went straight for government employees because they seem the easiest to shame", Auernheimer answered when asked why he did this.
FriendFinder Networks, Inc., parent company of AdultFriendFinder and other adult sites and Penthouse, said it had just become aware of the breach and is working closely with law enforcement and cyberforensics company Mandiant.
It said it doesn't yet know the full scope of the breach, but promised to "work vigilantly," noting that FriendFinder Networks "fully appreciates the seriousness of the issue."
On its homepage, AdultFriendFinder has posted a link to an page updating users about the break-in and the steps they've taken to limit the damage to users.
In its first update on May 22, the site said it had temporarily disabled the username search function and masked usernames of any users it believes were affected by the security issue.
"This means that our members will still be able to log-in using their username and password but the search function will be disabled in an effort to protect members privacy. We are also in the process of communicating directly to members on how to update their usernames and passwords".
The website also noted it is "important to note that, at this time, there is no evidence that any financial information or passwords were compromised".