We’ve seen a lot of big hacks in recent years. Adobe and Target are two of the larger ones that come to mind, but then they were just credentials and credit cards which are both readily replaced and cause limited long term damage by their untimely exposure. But there’s a whole other class of breach that’s much more worrying and that’s the kind that seriously hits you in the sensitive privacy regions.
Just last week, I wrote about the mSpy breach and how a whole bunch of rather sensitive info was now up for grabs on the web. This included information which was inevitably obtained through surreptitious means because that’s what a “spy” program does! Regardless, it’s highly personal info and inevitably there’s a heap of data in those gigabytes of breached material that’s going to cause people serious personal pain. Not the “now I need to reset my password” kind of pain, but the “now my nudes are public” kind instead.
And now, just in the last day, we’ve seen Adult Friend Finder breached and almost 4M personal records dumped onto the web. Now when they say “friend”, that’s not quite what the site is all about. You get a better sense of the intent of the site when you look at the stock photos on the homepage and an even better idea again when you read the tagline “Dating, Hookup and Sex Community”.
In the dump of data was a veritable treasure trove of highly sensitive personal information. The usual email address, username and birth date (although as I’ve said before, something like birthdate shouldn’t be a usual attribute for almost all websites), but in addition, highly sensitive data of the kind you’d expect to find in order to help someone determine the attributes and orientation of their next sexual encounter.
Gender, relationship status, sexual preference, the type of sexual encounter they’d like to engage in (the dumped data spanned specific sites of sexual “discipline”) and just to make sure there’s no ambiguity about who the person exhibiting these preferences really is, their IP address too. This is now public, irrevocable information that will forever sit as discoverable records for the millions of impacted users of the site.
This is clearly alarming and despite any moral objections people may have to a site of this nature, it’s a gross invasion of privacy. A site like this by its very nature needs to collect extremely sensitive data in order to provide a service that matches mutually compatible parties. There’s no point in customers of the site falsifying a good whack of the information on the site as they wouldn’t be appropriately paired (or tripled, depending on their preference) with the correct party (parties).
So what’s left? False name. Incognito email address. VPN or anonymising service. Anything that works on the assumption from the very outset that data like this may one day become public because unfortunately, the only safe assumption is that you have no privacy.