Hackers always go after personal information, but usually it's to access your bank accounts and credit cards. In the latest data breach, which includes more than 3.5 million people, the data comes with lurid details about sexual preferences, fetishes and other sexy secrets.
The data was exposed publicly after dating site Adult FriendFinder was hacked in March of this year.
Despite being aware of the incident and the data leaking onto the public web, the company has thus far refused to notify members of the incident.
The reason for all the steamy details is that Adult FriendFinder asks customers to detail their interests and then matches people based on those interests for sexual encounters. The site boasts 64 million members and claims to have "helped millions of people find traditional partners, swinger groups, threesomes, and a variety of other alternative partners."
The information collected by the company is extremely personal in nature. When joining the site, customers must enter their gender, which gender they're interested in and what kind of sexual situations they desire.
Suggestions Adult FriendFinder provides to fill in the "tell others about yourself" field include, "I like my partners to tell me what to do in the bedroom," "I tend to be kinky" and "I'm willing to try some light bondage or blindfolds."
The hack was first uncovered by independent IT security consultant Bev Robb and published on her blog a month ago. Yet Robb did not name the site that was hacked and it wasn't until this week, when England's Channel 4 News reported on the hack, that Adult FriendFinder was named.
Personal information exposed in the attack includes customers' email addresses, usernames, passwords, birthdays and zip codes, in addition to their sexual preferences.
That data is potentially damaging if a hacker is looking to extort an Adult FriendFinder customer online.
The information exposed can be particularly compromising to people living in small towns, where it is easier to identify them.
One person exposed in the hack is a 40-year-old welder from a small town of a few thousand people. He said he "will become anybody's slave" and lied about his age on the site, claiming to be 29.
The attack was carried out by a hacker who goes by the name ROR[RG]. In an online forum, he claims he blackmailed Adult FriendFinder, telling the site he would expose the data online unless the company paid him $100,000.
That revelation is troubling because at that point the company would have known about the attack and should have started notifying victims. Instead it kept quiet, which is the reason many states are now enacting mandatory disclosure laws for companies that suffer data breaches. When a company keeps quiet, hackers have the advantage and can prey on unsuspecting customers who are unaware their details have been compromised.