On Friday, news broke that 3.5 million personally identifiable records had been released from systems owned by the adult-oriented website, AdultFriendFinder. The really interesting part was not so much the temptation of fingers and overly voracious passers-by, but more so the number of people crawling behind their monitors across the vast expanses of the internet.
Adult Friend Finder is not a recipe swap or knitting site by any stretch of the imagination. Rather than rehash what has already been said, I would ask you to read Steve Ragan’s excellent post.
Word of Adult Friend Finder first surfaced last month. A computer consultant and Darknet researcher, who prefers to be known as Teksquisite, discovered the files on a forum in April. Salted Hash, seeking to confirm his findings, discovered the same messages and files in no time.
The hacker claiming responsibility for the breach says he is from Thailand and has started bragging about being out of the reach of US law enforcement due to his location.
While the long arm of the law might not be a concern for attackers who fled with the dirty information, others should be concerned. And who could these people be? Well, I had the opportunity last night to dig through posts on underground sites for information relating to the data breach. I noticed a rather unfortunate trend.
If the information contained in the widely shared database breach is to be trusted, there are many people who need to watch a talk by The Grugq on OPSEC. Many people used a disposable email address on Hotmail, Gmail, or Yahoo to sign up for their accounts on Adult Friend Finder. Good idea. I’m not the rock-throwing type. People love to have fun and that’s their prerogative. Any fake statistician can tell you that 84% of people engage in sexual activity and the remaining 16% lie about it.
The problem that arose was that, buried in the data, people were using their work email addresses to sign up for Adult Friend Finder. Some people I spoke to who were familiar with the data noticed that there were email addresses for people serving in the US Army, US Air Force and Australian Army, as well as service members of the Colombian, Brazilian and Canadian Forces. That was just based on quick research.
To that end, according to the leaked data, government-linked email addresses have shown that staff members around the world have signed up with their work email. Rather amazing that people do such a thing.
So why is this a problem? Well, an enterprising person could track someone down just by searching. In one scenario, maybe someone could find a member’s home address, current position, and… the names of his wife and children, for example.
I’m not the type to pass judgment. But I will suggest that if you are going to sign up for a service like this, you use a disposable email address and limit the information you share. Otherwise, you could receive an email from someone demanding payment so as not to destroy your life or, worse, asking you to disclose confidential information that could put other people at risk.
(Image used under CC from Sergio fabara)
Copyright © 2015 IDG Communications, Inc.