KnowBe4 Warns Employees Against “AdultFriendFinder” Scams

TAMPA BAY, FL | Nov 14, 2016

Company warns of expected scams resulting from the 339 million adult accounts pilfered from sex community including fifteen million “deleted accounts”

(Tampa Bay, FL) November 14, 2016--KnowBe4 sent out an urgent alert this morning, warning organizations of 2016’s largest data breach of the adult dating and entertainment company Friend Finder Network, exposing more than 412 million accounts, including over 15 million "deleted" records that were not purged from the databases. The exfiltrated records included 339 million accounts from AdultFriendFinder.com, which the company promotes as the "world's largest sex and swinger community."

On top of the AdultFriendFinder records, 62M accounts from Cams.com and 7M from Penthouse.com were stolen, as well as a few million from other smaller properties owned by the company. The data accounts for two decades' worth of data from the company's largest sites, according to breach notification site LeakedSource, which obtained the data. ZDNet broke the news.

Per Stu Sjouwerman, CEO of KnowBe4, "This is criminal negligence, as it's not the first time. This hack is very similar to the data breach they had last year. Their procedures and policies are severely lacking, even users who believed they deleted their accounts have been stolen again. AdultFriendFinder has failed to learn from their mistakes and now 412 million people are high-value targets for blackmail, phishing attacks and other cybercrime. This is ten times worse than the Ashley Madison hack. Wait for a raft of class-action lawsuits."

Sjouwerman predicted cyber criminals would leverage this event in several ways: (spear-) phishing attacks, bogus websites where you can "check if your spouse is cheating on you", or ways to find out if your own extramarital affair has come out. There will be phishing emails that claim people can go to a website to find out if their private data has been released.

Sjouwerman noted, “Any of these 339 million registered AdultFriendFinder users are now a target for a multitude of social engineering attacks. People that have had extramarital affairs can be made to click on links in emails that threaten to out them.

“This is a nightmare that will be exploited by spammers, phishers and blackmailers who are now gleefully rubbing their hands, let alone the divorce lawyers and private investigators that are going to pore over the data.”

KnowBe4 shared an example of a phish that came out after the Ashley Madison extortion, which can be found on the KnowBe4 blog, and warned users to expect the bad guys to do the same thing with AdultFriendFinder.

KnowBe4 recommends IT Managers take immediate preventive action to warn users. It only takes one second for a worried end-user (or admin) to click on a link in an email and expose the network to attackers.

Sjouwerman said, “Stepping users through new-school security awareness training is an absolute must these days. For KnowBe4 customers, we have a new Current Events template that lures people into clicking on a link to a website to see if their spouse has not been faithful. The subject of the template is "Your spouse was found in the AdultFriendFinder list". When we sent a template out after Ashley Madison, 4 percent of users clicked. This is a higher risk incident.”

About KnowBe4

KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.

More info at www.knowbe4.com. Follow KnowBe4 on LinkedIn and X.