Adult Friend Finder, a casual dating website, has called in police and investigators after a suspected leak of client information as many as 3.9 million of Adult Friend Finder’s 64 million members had been leaked, including personal details such as email addresses.Tripwire security experts on the AdultFriendFinder data breach:
Ken Westin, senior security analyst for Tripwire (www.tripwire.com), said:
“The Internet has essentially become a database of You. As more data is breached, this information can be sold in underground markets and can create a very vivid profile of an individual. When dating information is compromised it can be used to embarrass individuals, which can lead to blackmail as well as highly targeted phishing campaigns.
Depending on the type of information that is compromised this data can be used to link aliases to other accounts via email or other shared attribute and unveil connections to accounts that were not seen until now. An example would be a politician that may have created an account using a fake name, but used a known email address for their login details, or a phone number that can be mapped back to their real identity, this is an example of how data like this can lead to further blackmail and/or extortion by a malicious actor seeking to profit from this type of information.”
Tim Erlin, director of IT security and risk strategy for Tripwire, (www.tripwire.com) added:
“Aside from the known value of compromised personal details on the dark web, there’s certainly the potential for blackmail from this breach. If any high profile, public figures or politicians have been using AdultFriendFinder, they might consider how the details they entered there could be used against them.
It’s become a standard pattern to see these breach announcements with minimal details, followed by more information as investigators get involved. It’s not unusual for the scope of a breach to expand as forensics experts are engaged and gain access to data.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.