Information about millions of AdultFriendFinder users (the site is part of FriendFinder Networks Inc.) was dumped earlier this week on the Dark Web, along with the promise of even more details for those willing to pay Bitcoin in exchange for the information.
The hacker who released the information goes by the name of ROR[RG]. The hacker initially attempted to blackmail AdultFriendFinder for $100,000 in exchange for not dumping the information, and also claimed that the company owed a friend approximately $248,000.
ROR[RG]:
i have had so many people ask me to buy the db today
all the newz flooded my shit
i gotta feed mine
buy the full friend finder database with all info it is 70 bitcoin PM me
or if u need i will break into any company or site 4 750 in under 7 days send me the url ip
The attack itself took place in March and was brought to the public’s attention by independent IT security consultant Bev Robb on April 13 when she reported that a hacker had posted a collection of 15 downloadable spreadsheets (with credit card information removed). The publicized files contain more than enough information for anyone armed with a little determination to identify users and potentially target them for spam or blackmail.
Below are some of the comments from FriendFinder Networks Inc. about the breach:
“There is no evidence that any financial information or passwords were compromised; …”
“We cannot speculate further about this issue, but rest assured, we pledge to take the appropriate steps needed to protect our customers if they are affected, …”
“We have already begun working closely with law enforcement and have launched a comprehensive investigation with the help of leading third-party forensics expert, Mandiant.”
“Until the investigation is completed, it will be difficult to determine with certainty the full scope of the incident, but we will continue to work vigilantly to address this potential issue and will provide updates as we learn more from our investigation.”
If you’re concerned about whether your e-mail was included in the initial dump, you can use the haveibeenpwned tool to be certain; it also cross-references your address against other online data breaches.