When a company or website you trust gets hacked, it can be pretty unnerving. Particularly if you trusted that company with your credit card or medical information. But what if the hackers had knowledge of your sex life instead? That could be a reality: AdultFriendFinder has suffered a massive data breach.

The UK’s Channel 4 News reports that 3.9 million AdultFriendFinder users have had their information leaked on a darknet forum, including their emails, usersnames, dates of birth, ZIP codes and IP addresses—and, yes, in some cases, whether they’re gay or straight. The data “even indicates which ones might be seeking extramarital affairs,” according to Channel 4. Oh boy.



Needless to say, that data could be very useful if you’re a hacker trying to blackmail people for money... and Channel 4 says that may already be happening. The news agency tracked down a man named Shaun Harper who’s received an influx of spam since his info went public.

Even more worrying, Harper claims he’d deleted his account, yet somehow his information still got leaked—suggesting that AdultFriendFinder may not get rid of data after customers leave.

AdultFriendFinder parent company FriendFinder Networks confirmed that there’s been a data breach, but wouldn’t say how many users have been affected or to what degree. Here’s the statement via the BBC:


FriendFinder Networks Inc. has only just been made aware of this potential issue and understands and fully appreciates the seriousness of the issue.”

We have already begun working closely with law enforcement and have launched a comprehensive investigation with the help of leading third-party forensics expert, Mandiant.

Until the investigation is completed, it will be difficult to determine with certainty the full scope of the incident, but we will continue to work vigilantly to address this potential issue and will provide updates as we learn more from our investigation.

We cannot speculate further about this issue, but rest assured, we pledge to take the appropriate steps needed to protect our customers if they are affected.

According to Channel 4 News, the data came from a hacker named ROR[RG]. When we searched for that handle, we found this post at Teksecurity from April 13th which describes the same hack, and suggests that ROR[RG] actually attempted to blackmail AdultFriendFinder to the tune of $100,000 before publishing the data.


Sounds like AdultFriendFinder decided not to pay.

[Channel4 via BBC News, Teksecurity]

Contact the author at sean.hollister@gizmodo.com.