Adult Friend Finder
Everything from email and home addresses to sexual preferences and whether users were looking for relationships outside of their marriages has been lifted.
This includes people who thought they had deleted their accounts.
However, in much the same way that metadata collection provides insight to the NSA, this type of information gives attackers plenty of leverage that can be used against the public.
Spear phishing becomes a lot easier when attackers not only have an email address, but also location, language, and race.
In addition to launching an internal review, Friend Finder Networks has hired Mandiant, a high-profile cybersecurity company, to investigate the hack, and is working with the FBI.
Meanwhile, the person who originally dumped the information on the so-called dark web, who uses the nickname ROR[RG], is demanding more than £10,000 for access to the database of users, and is capitalising on the news by marketing his cybercrime services.
In a statement, Adult Friend Finder parent company Friend Finder said that they understand the seriousness of the situation.
“We have already begun working closely with law enforcement and have launched a comprehensive investigation with the help of leading third-party forensics expert,” the company said in a statement.
The attack methodology deployed in this instance was not released, but it would be fair to assume that it leveraged a kind of SQL injection attack or similar, where the information is wormed out of the back-end database through a flaw in the web server.
What's often not highlighted in these cases is the monetary value of such a breach.
Many would argue that having an email address and the associated data might be of little value.
Channel 4 reported that within hours of the data being posted online, hackers began swarming to buy email addresses to target them with phishing scams.
One victim told the station he'd already been hit with virus-laden emails.