WatchPoint Security Blog

Adult Friend Finder Exposed in Latest Breach

Written by Jordan Kadlec | November 18, 2016

You would think that after the Ashley Madison incident, where nearly 37 million cheating men and women had their data stolen, sites like Adult Friend Finder would up their cybersecurity. Wrong! On Sunday (November 13th), the website Leaked Source revealed that hackers had compromised the servers of Adult Friend Finder, Penthouse.com, and Stripshow.com. Adult Friend Finder, which advertises itself as “the world’s largest sex and swinger community,” was hit the hardest, with over 339 million accounts stolen. Penthouse.com and Stripshow.com had tens of millions of accounts breached, bringing the total to nearly 412 million. The size of this data breach is second only to the Yahoo breach that occurred in October, where over 500 million accounts were affected.

Who’s Affected?

The stolen data, which dates back over 20 years, includes information such as usernames, emails, join dates and the date of a user’s last visit. Passwords were also included in the data, the vast majority of them without secure protection.

Currently, there are only about 40 million active users on all the breached sites combined. However, the data stolen includes users who have registered for the site at any point in time. If you have created an account for any of these sites, your data is at risk. According to Leaked Source, 15 million of the breached usernames and passwords appear to come from users who have deleted or intended to delete their accounts.

How Serious Is This Data Breach?

While the data stolen in the breach hasn’t been released to the public, we can all assume that it will be at some point. The information is most likely for sale on the dark web, where an individual can purchase the data and do whatever he or she pleases with it. In the Ashley Madison breach, the names on 32 million user accounts were released to the public, which severely affected the personal lives of those individuals. The timeline below shows the events that unfolded after that breach; Adult Friend Finder could soon find itself following the same path.

  • July 19, 2015 – The Impact Team, a cybercriminal espionage group, published sensitive information of 32 million users from Avid Life Media, the company that owns Ashley Madison along with a number of other hookup services.
  • August 18, 2015 – The Impact Team released a data dump that was posted on the dark web. The data included names, passwords, addresses, phone numbers and credit card transactions of the site’s users.
  • August 19, 2015 – The Ashley Madison data dump was posted on the open web, making its information searchable on public websites.
  • August 21, 2015 – Two Canadian law firms filed a $578 million class-action lawsuit against Avid Dating Life, Inc. and Avid Life Media, Inc. on behalf of Canadian citizens who were affected by the data breach.
  • August 25, 2015 – Scammers and extortionists began to target Ashley Madison’s users. These individuals threatened to publicly shame users online for their use of the website unless they sent a bitcoin payment to the blackmailers. Cybercriminals also started to use the data to distribute malware through phishing campaigns.
  • August 28, 2015 – Ashley Madison released a statement announcing the resignation of Avid Life Media CEO Noel Biderman, effective immediately. Biderman was an avid (pun intended) user of Ashley Madison and had his affairs exposed through the data breach.
  • August 31, 2015 – Despite the fallout from the recent breach, users continued to take advantage of the site’s features. Ashley Madison issued a statement saying that 2.8 million women sent and received messages during the week of Aug. 24th. An additional 90,000 reportedly signed up for the services during the same week.

Aftermath

Based on the events of the Ashley Madison case, we can assume that Adult Friend Finder will find itself in a similar situation. FriendFinder Networks Inc., the company that runs Adult Friend Finder, Penthouse.com, and Stripshow.com, will probably be named in a lawsuit within the next month. CEO Jonathan Buckheit will certainly be under a lot of pressure and could find himself looking for employment during this time as well.

As for the individuals affected, we don’t have good news for you. It is expected that the database will first be released and sold on the dark web. Once that happens, we suspect that the names and email addresses of the individuals who have or had accounts with these sites will be released to the public. There is almost nothing anyone can do about that. 

However, to ensure your other accounts (bank and credit card accounts) aren’t affected, the usual post-hack advice applies. Immediately change your passwords on the affected site as well as sites where you use the same password. We always suggest that you have a different username and password for every login that you have. While this is extremely difficult to do given the amount of login information you have likely accumulated, you will be especially thankful in times like these. Lastly, two-factor authentication is always a good idea, particularly for accounts that have very personal and sensitive data on them.