
Hacked Adult FriendFinder database reveals extramarital affairs of millions - thestack_alice
http://thestack.com/hacked-adult-friend-finder-database-extramarital-affairs-millions-220515
======
junto
Wow, I'm genuinely surprised that the site was real. I thought it was a scam
based on the "these hot horny girls in your area" ads.

~~~
sputknick
It actually didn't start out as a site for people looking for sex. It was
started by a guy (Andrew Conru) who was looking for people to go fishing with,
he lamented how hard it is for adults to find friends. Soon after he started
the site, people started posting sex pictures, and it pretty quickly became
the focus of the site.

~~~
IgorPartola
That is both sad and very interesting. I have a similar problem with finding
people to go running with me around where I live. Meetup groups around here
are spread over a 50 mile radius or so, so that's no help. Perhaps I can try
the opposite approach and post "hey, looking for a running buddy" on
Match.com, OkCupid, AFF, etc.

~~~
DanBC
There is a niche in the market. Some people have tried to fill that niche, and
they've posted their sites to HN.

The main problems seem to be:

1) The sites only work once you have enough users to make them work, but you
can't get more users until the site works.

2) People use them for sex, which is off-putting to large numbers of users.

OKC should probably set up some kind of meet-friends-in-groups thing.

~~~
dm2
Meetup.com seems to do this successfully, is that the same type of site that
you are referring to?

I've considered going to a computer / technology / entrepreneurship club, but
haven't yet. They also have local groups for dog owners,
walking/fitness/specialty (ballet, dance), FPV drone flyers, sports groups,
and almost anything else I could think of they had a group already started for
it in my city.

Some have memberships fees (completely optional when setting up a new group,
afaik) and some have more strict requirements when joining (a potential
problem but I haven't heard of it being abused).

~~~
giaour
Meetup seems to be successful because it only handles scheduled, group
activities. If your website lets people privately connect with others who live
in the same city, some of your user base will start using it to find sex.

~~~
dm2
> "If your website lets people privately connect with others who live in the
> same city, some of your user base will start using it to find sex."

This seems like something that would be in a David Letterman "Top 10 list of
things to consider for your new website".

------
dredmorbius
More information:

[http://www.cio.com/article/2925874/leaked-database-of-
adult-...](http://www.cio.com/article/2925874/leaked-database-of-adult-friend-
finder-still-online.html)

 _Adult Friend Finder, one of the largest online dating sites, may have been
breached more than two months ago, and the sensitive files—include names,
ages, email addresses, zip codes and more—are apparently still online...._

 _Bev Robb, who does malware and dark Web research, came across the Adult
Friend Finder files in March. She said she held off on publicizing the
information for a few weeks before contacting two security experts._

Possibly an extortion / non-payment issue:

[https://teksecurityblog.com/blog/2015/04/13/hacked-how-
safe-...](https://teksecurityblog.com/blog/2015/04/13/hacked-how-safe-is-your-
data-on-adult-social-sites/)

 _During a fit of rage, a pissed off hacker (going by the handle ROR[RG])
posted 15 downloadable spreadsheets (in zipped file format with credit card
data stripped) to a week-old Darknet forum stating that he had rooted the
adult site database. Why? Because they owed his guy approximately $248,000
USD. He bragged that the company and law enforcement could not touch him
because he was based in Thailand. His ransom demand was set at $100,000 (50G
to begin and 50G to end)._

------
jacquesm
The adult world is _rife_ with such leaks, and hardly any of it ever gets
published. If you've given your credentials to some adult site in the past you
probably could bet even money about whether or not that data fell into the
wrong hands.

In part this is because of the nature of the businesses, they're borderline
and tend to have operators that try to find out just where that border lies in
terms of cost savings, outsourcing and the quality of the employees they hire
(so slipshod work is the norm rather than the exception, and quite a few
operators built scam sites, the employees of which are likely not amongst the
most ethical characters to begin with), in part it is because their systems
tend to hold juicy data and make very fat targets for hackers, either external
or from the ranks of the employees.

If you do use such a service I'd strongly advise you to use _only_
pseudonymous and throw away data and to make sure that if you pay by credit
card that you are talking to some highly reputed processor and _not_ to any of
the servers operated by the company directly. That's a huge risk (it is a huge
risk in any e-commerce environment but with adult the risk is definitely
elevated).

Adult companies have done their bit when it comes to innovation, but when it
comes to security most of them are well behind the times.

~~~
moron4hire
>> Adult companies have done their bit when it comes to innovation...

That tidbit gets bandied around a lot. I've especially seen it lately. I'd be
interested in seeing real data on this. I recall years ago seeing blog posts
from media industry experts saying the idea is an urban myth.

~~~
jacquesm
Well, those media industry experts should be disqualified then. I've witnessed
up close how transaction processing, video, real time interaction between
people and a bunch of lesser innovations were powered and paid for by the
adult industry.

But the heydays are definitely over and now innovation comes from many other
corners and adult companies are no longer in any way near the frontiers.

~~~
Mikushi
Former Pornhub Lead dev here, the media industry experts are right. There are
no more occurrences of DB leaks than in mainstream. And to an extent they are
of lesser importance, most of the user data is garbage, fake email,
throwaways, and so on, CC data is never handled by the site, so in and out
there is nothing of real interest to steal.

~~~
jacquesm
I think you're confusing two issues, the media industry experts statement was
about innovation, the other about leaks.

And I'm happy that pornhub has their act together (you're on the hook for that
one ;)).

But there are many more companies out there than pornhub and quite a few of
those have serious security issues.

Maybe this is because quite a few porn companies still operate on software
that is rather long in the tooth.

------
ronnier
“Among the 26,939 users with a UK email address,” technology producer Geoff
White explains that there were, “just 1,596 who identified as female: a ratio
of one woman to every 16 men.”

Seems about the same as bars, clubs, and most of our working environments.

~~~
M8
There is no reason for women to use it: sex can be easily found offline, and
if they need a provider they will use a different sort of site.

~~~
jkaunisv1
Haha my single female friends disagree. I guess if you're really not picky
about who the sex is with that statement is true.

------
ams6110
Supporting once again the rule I live by: assume that _everything_ you do
online is indelible and public (or will be).

------
ccvannorman
Thank God the government doesn't keep databases like this. Imagine the
consequences!

------
sp332
[https://haveibeenpwned.com/](https://haveibeenpwned.com/) has added the
emails to their index. You can search by email address or username for
accounts involved in various data breaches.

------
davidgerard
Clickbait. Original source: [http://www.channel4.com/news/adult-friendfinder-
dating-hack-...](http://www.channel4.com/news/adult-friendfinder-dating-hack-
internet-dark-web)

------
gesman
>> ...just 1,596 who identified as female: a ratio of one woman to every 16
men.

95% of these "females" are likely spammers, escorts or someone you don't want
to meet in a dark alley.

------
ElijahLynn
Misleading title. The current title implies that the article actually lists
out or provides reference to linked data of extramarital affairs. I didn't see
that in the article.

------
Scoundreller
How long does a parent company have to make a public report, per the
California data breach disclosure law?

------
ElijahLynn
Proof that humans are not actually monogamous creatures.

We are much more inline with open relationships than we think.

Further reading: Sex at Dawn Further watching: Polyamory (HBO)

~~~
duaneb
Sex at Dawn is highly speculative and polemic. Truthfully we have no idea what
our "natural" relationship inclinations are. Personally, I think we are
naturally monogamous but tend to have affairs. Additionally, it's more driven
by economics than it is by sex.

------
martil4life
hey guys I'm curious where can I find this database ? any help

------
voltagex_
haveibeenpwned.com

------
comrade1
Maybe someone can set up adultfriendfinderfinder.com that cross references
this data with accounts on the site so that you can find actual people in your
area instead of fake accounts.

~~~
Sven7
for what joy?

~~~
jameskozart
for the truth

~~~
baldfat
I am already cringing on the New Paper and local news when they do this to
find local politicians and local celbs.

------
bontoJR
Sorry if it is rude, but this news is very funny.

~~~
jacquesm
If you think about this for 10 seconds and realize that (in spite of being
told not to) plenty of people re-use their access credentials across multiple
sites then you'll realize that it is not very funny because it will affect a
_very_ large number of websites as fall-out and that your comment is not just
rude but simply stupid. Large scale hacks like these affect all of us, whether
you like it or not and the reduced trust by consumers affects all of us as
well.

~~~
LordKano
_plenty of people re-use their access credentials across multiple sites_

I learned that lesson 20 years or so ago. Unique passwords for every site now.

