While there’s no concrete evidence that the payments information attached to the accounts were compromised, the online dating site Adult FriendFinder admitted that its database was breached — impacting an estimated 4 million members, according to multiple media reports.
But the scope of the breach hasn’t been fully discovered.
The site itself already has its attachment to controversy, as the salacious website is know for its 63 million users who are seeking casual relationships that are kept secret — and often on the non-traditional relationships side (“swinger groups, threesomes, and a variety of other alternative partners” as the site boasts). So when a site where the data, and member names, are especially sensitive, this data breach has potentially more on the line than a traditional breach where people’s addresses or emails are simply hacked.
CNET said a spokesman confirmed that Adult FriendFinder has an internal investigation underway, and has brought in authorities to help on the case. The site is also “temporarily disabling the username search function and masking usernames of any users we believe were affected by the security issue,” according to the report. That spokesman said there wasn’t evidence that financial information was compromised, but said the investigation confirming those details hasn’t been concluded.
So while most of the breach headlines recently have talked Home Depot, Target or even the White House, this particular breach has caught the mainstream media’s attention in large part because of the sensitive data that would could have been leaked — along with the slew of personal information that was shared in members’ preferences provided to the site. If payments data actually ends up being compromised, that could be the least of these impacted members’ worries.
But breaches as large scale as this one could also impact the victims far beyond just initial personal data, says one cybersecurity expert.
“Where you’ve got names, dates of birth, ZIP codes, then that provides an opportunity to actually target specific individuals whether they be in government or health care for example, so you can profile that person and send more targeted blackmail-type emails,” said Charlie McMurdie, a cybercrime specialist for PwC.