Uh-oh - millions of hook-up customers have their details exposed
But AdultFriendFinder still isn't telling new customers it's been hacked
Millions of randy souls have had their personal details, including sexual preferences, leaked online after hook-up site AdultFriendFinder was hacked.
Up to 3.9 million of the site's 64 million users had personal information such as their email addresses and bedroom predilections revealed online, according to Channel 4 News, which broke the story last night.
The casual dating network has now called in police and security experts to help it understand just how far reaching the hack has been.
A hacker known only as ROR[RG] posted the names, emails, postcodes, dates of birth and computer IP addresses of victims of the hack in a forum.
Their sexual orientations and sexual preferences were also posted publicly by the hacker, found Channel 4 News, which said no credit card details have yet surfaced.
The site's owner, FriendFinder Networks, released a statement saying it "fully appreciates the seriousness of the issue", and would take appropriate steps to protect members.
But security expert Graham Cluley wrote in a blog post that, using a pseudonym and fake email address, he had been able to sign up to the site without receiving any warning the site was insecure.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
He said: "Appropriate steps to protect your customers, AdultFriendFinder? How about posting a warning on your website so your members can look out for phishing emails, or malware which might be sent to them?
"What about some advice about the type of threats that users could be exposed to - including, potentially, blackmail - if their membership of the site is uncovered?"
It's the latest in a string of high profile data breaches, including health insurance firm CareFirst's loss of 1.1 million customers' details revealed yesterday by FireEye Mandiant, but which happened a year ago.
Meanwhile, TalkTalk confirmed in February that a fraction of its 4 million customerbase had their accounts compromised in a cyber attack.
The Information Commissioner's Office (ICO) this week indicated it would be reluctant to use new powers proposed by the EU to fine data breach organisations up to five per cent of their annual turnover.
A statement from FriendFinder Networks read: "FriendFinder Networks Inc. has only just been made aware of this potential issue and understands and fully appreciates the seriousness of the issue.
"We have already begun working closely with law enforcement and have launched a comprehensive investigation with the help of leading third-party forensics expert, Mandiant.
"Until the investigation is completed, it will be difficult to determine with certainty the full scope of the incident, but we will continue to work vigilantly to address this potential issue and will provide updates as we learn more from our investigation.
"We cannot speculate further about this issue, but rest assured, we pledge to take the appropriate steps needed to protect our customers if they are affected."