A massive data breach of the adult dating and entertainment company Friend Finder Network has exposed more than 412 million accounts including over 15 million “deleted” records that had not been purged from the company’s databases.
The exfiltrated records included 339 million accounts from AdultFriendFinder.com, which the company promotes as the “world’s largest sex and swinger community.” Also stolen were 62 million accounts from Cams.com and 7 million accounts from Penthouse.com, as well as a few million from other smaller properties owned by the company.
The records cover 2 decades' worth of data from the company’s largest sites, according to breach notification site LeakedSource, which obtained the data.
Why does this matter? Because beyond the fact that people's private and personal information was stolen, even from people who had deleted their accounts, cybercriminals will use this information to victimize these people again and again. Spammers, phishers, and blackmailers will be rubbing their hands together in anticipation, never mind the divorce lawyers and private investigators who will be poring over the data for clients.
All of these 339 million registered AdultFriendFinder users are now targets for a multitude of social engineering attacks. People who had straight or gay extramarital affairs can be made to click on links in emails that threaten to out them.
As in the Ashley Madison case a while ago, you can expect phishing emails that claim people can go to a website to find out if their private data has been released. A sample of one of the phishing emails sent out in the Ashley Madison case is:
Unfortunately, your data was leaked in the recent hacking of Ashley Madison and I now have your information.
If you would like to prevent me from finding and sharing this information with your significant other send exactly 1.0000001 Bitcoins (approx. value 625 USD) to the following address:
1B8eJ7HR87vbVbMzX4gk9nYyus3KnXs4Ez [link added]
Sending the wrong amount means I won’t know it’s you who paid.
You have 7 days from receipt of this email to send the BTC [bitcoins]. If you need help locating a place to purchase BTC, you can start here…
On the other side of the spectrum, other phishing emails will lure people into clicking on a link to a website to see whether their spouse has been unfaithful. The subject line will likely be something similar to “Your spouse was found on the AdultFriendFinder list”.