Meanwhile, the person who originally dumped the information on the so-called darkweb, who uses the nickname ROR[RG}, is demanding more than £10,000 for access to the database of users, and capitalising on the news by marketing his cybercrime services.
“I have had so many people ask me to buy the db [database] today,” the hacker wrote on the same forum where the original leak appeared, asking for payment in the anonymised currency Bitcoin.
Around two hours later an employee at Friend Finder Networks then replied with a “read receipt” to say that the warning email had been read.
The online dating company would not comment on the read receipt, but said its “leadership” only became aware of the breach on 20 May when contacted by Channel 4 News.
Either way, the database dump itself is 570 megabytes, and assuming the data was exfiltrated in a few large transactions, it would have been very noticeable on a network level.
That is, if Adult Friend Finder were using a solution that provided visibility into network traffic.
What's often not highlighted in these cases is the monetary value of such a breach.Spear phishing becomes a lot easier when attackers not only have an email address, but also location, language, and race.The source IP addresses collected can even provide pinpoint street locations for attacks.“Friend Finder employees receive hundreds of sales and marketing spam messages daily, including many from third party cyber security consultants, and any earlier communication on this specific issue was directed to junk mail folders and not considered a legitimate email,” the company said in a statement.In addition to launching an internal review, Friend Finder Networks has hired Mandiant, a high-profile cybersecurity company, to investigate the hack, and is working with the FBI.“Or if you need I will break into any company or site for 750 in under seven days,” the writer adds.Adult Friend Finder, an online “dating service” and its affiliates were hacked in April.Many would argue that having an email address and the associated data might be of little value.However, much the same way metadata collection provides insight to the NSA, this type of information provides attackers with plenty of leverage that can be used against the public.Friend Finder was launched in 1996 by Andrew Conru.After discovering that users had been using the service to seek sexual partners, he launched Adult Friend Finder as a spin-off, followed later by other spin-offs dealing with different regions and niches.