The private data of almost four million users of the online dating site AdultFriendFinder.com is for sale and can be bought for only 70 BTC, a little less than $17,000.
The data is being sold by the hacker that attacked the site earlier this year. It is unclear when the hack occurred, but this seems to be the same attack described by security researcher Bev Robb in a blog post published in April. However, AdultFriendFinder.com only admitted that its security hasd been breached last week.
The attack was allegedly carried out earlier this year by at least one hacker known as ROR[RG], Bev Robb said. On April 13th, the digital safety expert said he had “discovered a treasure trove of hacked data that appears to be from an adult social networking” during one of his excursions to the Deepweb. “This particular adult site is one of the most heavily-trafficked websites in the world, boasting an Alexa US page rank slightly above 747,” the blogger wrote.
During a fit of rage, a pissed off hacker (going by the handle ROR[RG]) posted 15 downloadable spreadsheets (in zipped file format with credit card data stripped) to a week-old Darknet forum stating that he had rooted the adult site database. Why? Because they owed his guy approximately $248,000 USD. He bragged that the company and law enforcement could not touch him because he was based in Thailand. His ransom demand was set at $100,000 (50G to begin and 50G to end).
According to Robb, the hacked database – which contains 3,867,997 unique emails – includes enough data to enable a massive phishing campaign, according to security researcher Troy Hunt.
The hacked data includes email addresses, birth dates, locations, and IP addresses of the users, amongst other highly sensitive information. The database even includes information about the personal interests of many users, which could be especially damaging to the site’s married customers.
“It’s a very nasty breach and unfortunately it reinforces the old adage that on the web, your privacy is pretty much gone unless you take very conscious steps to hide your identity (which is hard on a site which is there to enable physical encounters),” Hunt told Motherboard.vice in an email.
Now, ROR[RG] wants to make the most of the widespread attention received by the hack. “I have had so many people ask me to buy the db [database] toda. All the newz flooded my shit. i gotta feed mine,” the hacker wrote in a dark web forum on Saturday.
It is unclear for now how many people have bought the database so far. However, the experts have noted that anyone who tries to buy the information becomes vulnerable to other extortionists.
On a related note, the hacker ROR[RG] recently offered to “break into any company or site” for 750 BTC in less than a week.