Dating site AdultFriendFinder has suffered a major breach, exposing the personal details and sexual preferences of as many as four million members.
The site, owned by California-based FriendFinder Networks, has over 60 million members globally, including seven million in the UK.
Aside from highly sensitive details such as sexual orientation and predilections for extra-marital affairs, the hackers made off with information including email addresses, usernames, dates of birth, postcodes and IP addresses, according to Channel 4 News.
The broadcaster learned of the breach after discovering the credentials for sale on a darknet site.
Included in the 3.9 million breached records are those belonging to users who quit the site, the report claimed.
It’s now expected that cyber-criminals will use the details to launch follow-up spam, phishing and malware attacks, and potentially even try to blackmail the victims.
Some of the email addresses seen are apparently linked to government and military personnel.
In a statement released to Channel 4, FriendFinder Networks claimed that it “understands and fully appreciates the seriousness of the issue.”
“We have already begun working closely with law enforcement and have launched a comprehensive investigation with the help of a leading third-party forensics expert,” it added.
“We pledge to take the appropriate steps needed to protect our customers if they are affected.”
Tripwire senior security analyst Ken Westin argued that the stolen information could be used to build up an accurate picture of the victims’ identities.
“Depending on the type of information that is compromised, this data can be used to link aliases to other accounts via email or other shared attributes and unveil connections to accounts that were not seen until now,” he added.
“An example would be a politician that may have created an account using a fake name, but used a known email address for their login details, or a phone number that can be mapped back to their real identity. This is an example of how data like this can lead to further blackmail and/or extortion by a malicious actor seeking to profit from this type of information.”