Adult FriendFinder website breached; compromising data leaked online

Following news earlier in the week that 9% of employees access adult material on work devices comes a story demonstrating why this is such a bad idea.

Adult FriendFinder, which the BBC euphemistically describes as a “casual dating” site, has suffered a data breach affecting the information of 3.9 million of its 64 million members – 7 million of whom live the UK. Details leaked on a darkweb forum include email addresses and sexual preferences.

Channel 4 News reported yesterday that its investigations into “the cyber underworld” had led it to “a secretive forum in which a hacker nicknamed ROR[RG] posted the details of users of Adult FriendFinder.” One user it contacted said he had been “targeted with virused emails since his information was made public.”

Self-employed IT consultant Teksquisite blogged about discovering the forum post last month, saying that the files include “more than enough data to enable a cyber-criminal to conduct a massive phishing campaign”. And if criminals use the leaked Adult FriendFinder data to target phishing campaigns at users based on their particular predilections, then their success rate – and the wider consequences, such as widespread malware infection on personal and work computers – is likely to be high.

Adult FriendFinder’s owner, California-based FriendFinder Networks, said in an emailed statement that it had “only just been made aware of this potential issue” and was launching an investigation.

“Until the investigation is completed, it will be difficult to determine with certainty the full scope of the incident, but we will continue to work vigilantly to address this potential issue and will provide updates as we learn more from our investigation.

“We cannot speculate further about this issue, but rest assured, we pledge to take the appropriate steps needed to protect our customers if they are affected.”

Phishing awareness

Every day, 156 million phishing emails are sent, 15.6 million make it through spam filters, 8 million are opened, 800,000 recipients click on the links, and 80,000 of them unwittingly hand over their information to criminals.

It only takes one dodgy email to get through your technological defences to wreak havoc in your organisation. If your staff aren’t adequately trained to detect phishing attacks, your networks and corporate information are at serious risk.

All staff can be made aware of their information security obligations with IT Governance’s staff awareness courses:

If you’re concerned about your organisation’s susceptibility to insider security threats, you need to ensure that everyone in the organisation behaves responsibly.

Click here to find out more about information security staff awareness e-learning or call us on 0845 070 1750 to arrange a free demonstration.