You can now buy the private data of almost 4 million users of the hacked hook up website AdultFriendFinder for a little less than $17,000—in Bitcoin, naturally.
AdultFriendFinder, a dating site for online and real life hookups, admitted that it had been breached last week. The attack was allegedly carried out earlier this year by a hacker that goes by the name of ROR[RG], according to security researcher Bev Robb, who first wrote about the breach.
Now, given the widespread publicity and attention received by the hack, which exposed millions of people who were looking for cyber or real life intimacy, including of some who were married, ROR[RG] apparently wants to cash in.
“I have had so many people ask me to buy the db today,” the hacker wrote in an underground dark web forum on Saturday. “All the newz flooded my shit. i gotta feed mine.”
The hacker asked for 70 Bitcoin (around $16,700 at the time of writing) for the database, which contains 3,867,997 unique emails, according to security researcherTroy Hunt, who has examined the dump.
The database contains email addresses, birth dates, locations, and IP addresses of the users. For some of them, there’s even an entry that shows which ads they responded to or advertised for, such as “subbdsm,” or “subsexowebcamporno.”
It’s unclear how many people have taken the bait and offered to buy the database from ROR[RG]. Motherboard reached out to ROR[RG] through the forum’s private messaging service, but we haven’t heard back yet. There’s also a chance we never will either, since ROR[RG], in a previous post, didn’t seem very keen on answering media questions.
“i am fuckin on fire. cnn msnbc cbs fox,” he wrote. “agencies be messaging me man fuck them.”
As we noted on Friday, the breach reveals highly sensitive and potentially damaging information.
“It’s a very nasty breach and unfortunately it reinforces the old adage that on the web, your privacy is pretty much gone unless you take very conscious steps to hide your identity (which is hard on a site which is there to enable physical encounters),” Hunt told Motherboard in an email.
Well-known security reporter Brian Krebs called it a “boon” to extortionists, noting that it’s relatively easy to link the email addresses to Facebook accounts. In 10 minutes of research, Krebs wrote that he was able to “locate more than a dozen active Facebook accounts apparently tied to married men.”
In his most recent post, ROR[RG] also offered to “break into any company or site” for 750 Bitcoin (around $180,000) in less than a week.
One thing is certain, the AdultFriendFinder breach has been a boon for the hacker behind it, who’s looking to profit off of it in any way he can.