Cybercriminals have begun targeting the affected users

May 22, 2015 15:36 GMT

Fifteen Excel spreadsheets containing sensitive information about users of the adult version of the online dating service Friend Finder have been published on an underground forum.

The website is intended for people looking for casual sex and has a subscriber base of tens of millions of users worldwide.

Company has learned about the incident only recently

The company released a statement on Friday saying that it “has just been made aware of a potential data security issue” and is currently making efforts to understand the full scope of the incident.

Law enforcement is already involved in the investigation and forensics experts from FireEye’s Mandiant have been called in to assess the damage, provide mitigation solutions and measures to prevent similar events in the future.

According to a Thursday report by UK’s Channel 4 News, the leak affects 3.9 million individuals, whose email addresses, usernames, dates of birth, postal codes, sexual orientation, gender, race and computer IP addresses are now available online, on a website accessible via the Tor anonymity network.

Database sitting online for at least one month

It appears that the incident occurred before April 13. It was described in a blog post by dark web researcher Bev Robb, who did not name Adult Friend Finder as the target but said that the archived spreadsheets were posted by a hacker using the online handle ROR[RG], the same one identified by Channel 4.

The reason the hacker gave for his action was that the website “owed his guy approximately $248,000 USD [€225,000].”

“He bragged that the company and law enforcement could not touch him because he was based in Thailand. His ransom demand was set at $100,000 [€90,500] (50G to begin and 50G to end),” Robb wrote.

It is unknown how many times the databases have been downloaded, but the post was seen by thousands of people, and some of them started targeting the Adult Friend Finder victims with phishing emails.

At the time of writing, the information was still available online, as confirmed by security researcher Troy Hunt. In a tweet on Friday, he said that the data dump contained 3,867,997 unique email addresses, some of them belonging to deleted accounts.