Email addresses, sexual orientations, and other sensitive details from about 3.9 Million Adult Friend Finder online hookup service are currently available for sale for 70 Bitcoins (around $16,800/€15,300) on an underground website.
Yes, the sex life of almost 4 million subscribers of the casual sex hookup site is now available for anyone to download from the Internet.
Adult Friend Finder website, with a tagline "Hookup, Find Sex or Meet Someone Hot Now," has been breached before April 13 in which nearly 4 Million users have had their personal details compromised.
The details include subscribers' user names, email addresses, dates of birth, gender, sexual orientation, postal codes, and IP addresses, which is a treasure trove for online spammers and phishers.
Database of nearly 4 Million users available online for 70 Bitcoins:
The database has been available on an online forum hidden in Tor anonymity network, which is accessible only through Tor browser.
The hacker nicknamed ROR[RG], who claimed to have leaked the database of millions of Adult Friend Finder users, is offering the full content, unredacted, for 70 Bitcoins.
"I have had so many people ask me to buy the [database] today," ROR[RG] wrote on Saturday in an underground forum.
ROR[RG], who claims to be from Thailand, is also offering his hacking skills for rent. So, anyone interested to break into any company or website can buy his service for 750 Bitcoins, worth around $180,000/ €165,000.
It seems like links to the Adult Friend Finder database have been shared widely on social networks (see above image), so it's not difficult for anyone to get their hands on them.
The depressing part is that how easy is it now for cyber criminals to blackmail Adult Friend Finder users who have their personal information listed in the database.
Response from Adult Friend Finder:
In response to the recent breach, Adult Friend Finder posted a warning on their home page on Friday.
In the update, the sex hookup website's owner FriendFinder Networks, wrote that the company has taken steps to protect its users by disabling the username search and masking usernames of the individuals believed to be affected.
Subscribers can still open their accounts by login with their credentials. Also, the company says, "there is no evidence that any financial information or passwords were compromised."
The details of affected subscribers have been added to 'Have I Been Pwned', a free online service that collects e-mail addresses from data breaches. Thus, anyone can use this service to find out whether he or she is compromised or not.