The data gave not only usernames, postal codes and dates of birth, but also an indication of which users were seeking an extra-marital affair.
In its response to our story, the company stated that it had “only just been made aware” of the hack.
But an email trail on www.databreachwallofshame.org shows that a warning about the leak was sent by a cyber security consultant on 12 March. Around two hours later an employee at Friend Finder Networks then replied with a “read receipt” to say that the warning email had been read.
Warning ‘not considered ‘legitimate’
The online dating company would not comment on the read receipt, but said its “leadership” only became aware of the breach on 20 May when contacted by Channel 4 News.
“FriendFinder employees receive hundreds of sales and marketing spam messages daily, including many from third party cyber security consultants, and any earlier communication on this specific issue was directed to junk mail folders and not considered a legitimate email,” the company said in a statement.
In addition to launching an internal review, Friend Finder Networks has hired Mandiant, a high-profile cybersecurity company, to investigate the hack, and is working with the FBI.
‘I will break into any company or site’
Meanwhile, the person who originally dumped the information on the so-called darkweb, who uses the nickname ROR[RG}, is demanding more than £10,000 for access to the database of users, and capitalising on the news by marketing his cybercrime services.
“I have had so many people ask me to buy the db [database] today,” the hacker wrote on the same forum where the original leak appeared, asking for payment in the anonymised currency Bitcoin.
“Or if you need I will break into any company or site for 750 in under seven days,” the writer adds.