Adult Friend Finder Hack: What to Do Right Now

Any data breach is a bad thing, as it could put your name, email address or other personally identifiable information in someone else's hands. The newly revealed data breach that affected Adult Friend Finder is arguably even worse. Three and a half million users of the risqué hookup service fell victim to a vengeful malefactor, who revealed a ton of sensitive data, up to and including users' marital status and sexual orientation.

The data was first reported last month by Oregon-based tech blogger Bev Robb, who blogs under the name Teksquisite, and independently discovered on hidden "dark web" sites and publicized yesterday (May 21) by Britain's Channel 4 News. The story goes that a Thailand-based hacker named ROR[RG] claimed Adult Friend Finder owed a friend of his almost $250,000 in unpaid fees. ROR[RG] leaked the data, then threatened to leak more unless Adult Friend Finder coughed up the money, as well as an additional $100,000.

In an email to CSO Online's Steve Ragan, Adult Friend Finder confirmed the breach and said it was working with Mandiant, a Virginia-based company that specializes in post-breach investigations and cleanups.

MORE: What to Do After a Data Breach

The story of a malcontent hacker out for money is nothing new, nor is a breach of user data from a high-profile dating site. What makes this incident interesting is the sheer breadth of information involved. Most data breaches can be mitigated by changing a password or canceling a credit card. But there's no way to change your sexual orientation (so far as we know) or undo the fact that you were seeking an extramarital affair. (Credit card numbers do not appear to be part of the current data dump, nor do account passwords.)

Adult Friend Finder is not a traditional online dating service; it's an entire community of people (mostly men) looking for casual, and often unorthodox, sex. Registered users list their sexual orientation and preferences, and even whether they're married and looking to cheat. This information is ripe for spammers, phishers and blackmailers — plenty of whom frequent the dark web.

People who've seen the Adult Friend Finder data said it didn't take too much effort to choose a username at random and track that person down on Facebook. If the person is a man happily married to a woman, but hunting down gay hookups on the side, a malefactor could easily take advantage of that hidden knowledge. Blackmailing might work, but so would sending a threatening e-mail with a link to phishing malware to steal his credit card.

Among the 3.5 million persons exposed, there are likely to be some high-profile individuals. Already, names of police officers and other public servants found in the database are being sent out on Twitter. Politicians, religious leaders, financiers and other powerful people could be in real trouble if their unusual sexual predilections were public knowledge, and might be willing to pay up to keep them private.

Since the information is located in the bowels of the dark web, it's probably not a great idea to go looking for it, even if you may have been affected by the breach. You can, however, check whether your information is out there at the useful and benign website Have I Been Pwned? If so, change the password on the account right away, and on any other accounts on which you used the same password — even though passwords were not among the stolen data.

Your best bet at this point would be to hope that you have nothing to hide — and if you do, take solace in the fact that with 3.5 million names to choose among, the odds are against you being singled out by criminals.

Marshall Honorof is a senior writer for Tom's Guide. Contact him at mhonorof@tomsguide.com. Follow him @marshallhonorof. Follow us @tomsguide, on Facebook and on Google+.

TOPICS
Marshall Honorof

Marshall Honorof is a senior editor for Tom's Guide, overseeing the site's coverage of gaming hardware and software. He comes from a science writing background, having studied paleomammalogy, biological anthropology, and the history of science and technology. After hours, you can find him practicing taekwondo or doing deep dives on classic sci-fi. 

Latest in Online Security
A magnifying glass on top of the Steam logo in a web browser
Valve just pulled a malicious game demo spreading info-stealing malware from Steam
MacBook Pro 2023
New Mac attack is tricking users into thinking their computer is locked — how to stay safe
Hacker using a stolen social security card
Your Social Security number is a literal gold mine for scammers and identity thieves — here’s how to keep it safe
An open lock depicting a data breach
Half a million teachers hit in major data breach with SSNs, financial data and more exposed — what to do now
Green skull on smartphone screen.
Malicious Android apps with 60 million installs bombarding phones with ads and phishing attacks — how to stay safe
Malware
Dangerous new password-stealing trojan automatically reinstalls itself on infected PCs
Latest in News
Rendered images of rumored foldable iPhone.
Foldable iPhone report just revealed key details — here's what we know
Nintendo Switch 2
Nintendo Switch 2 rumored specs — here’s what we know so far
iPhone 17 Pro render
iPhone 17 Pro — 7 biggest rumored upgrades
CAD renderings of the Google Pixel 10 Pro XL
Pixel 10 leak could be good news for all Android phones
A magnifying glass on top of the Steam logo in a web browser
Valve just pulled a malicious game demo spreading info-stealing malware from Steam
Lewis Hamilton of Great Britain and Scuderia Ferrari looks on during Sprint Qualifying ahead of the F1 Grand Prix of China at Shanghai International Circuit in Shanghai, China, on March 21, 2025. (Photo by Song Haiyuan/Paddocker/NurPhoto via Getty Images)
How to watch Chinese Grand Prix 2025 online – stream F1 without cable, qualifying highlights
  • ChrisH12
    LOL this isn't the first time they have been breached. Back in the early 2000's I had their ads on my website along with quite a few friends and made great money. While checking my refferal revenue I discovered changing the web URL from /user to /admin instead allowed full access to their back end.
    Reply
  • DataBreachWall
    Truth about Adult Friend Finder Data Breach - http://databreachwallofshame.org
    Reply