Recent Breaches a Boon to Extortionists

Posted on Posted in Hacker News

The recent breaches involving the leak of personal data on millions of customers at online hookup site Adult Friend Finder and mobile spyware maker mSpy give extortionists and blackmailers plenty of ammunition with which to ply their trade. And there is some evidence that ne’er-do-wells are actively trading this data and planning to abuse it for financial gain.

Within hours after data on tens (if not hundreds) of thousands of mSpy users leaked onto the Deep Web, miscreants on the “Hell” forum (reachable only via Tor) were busy extracting countless Apple iTunes usernames and passwords from the archive.

“Apple Id accounts you can use Tor to login perfectly safe! Good method so far use ‘Find My phone,’” wrote Ping, a moderator on the forum. “Wipe data and set a message that they been hacked and the only way to get their data back is to pay a ransom.”


mSpy works on non-jailbroken iPhones and iPads, but the user loading the program needs to supply the iTunes username and password to load mSpy onto the device. The tough part about a breach at a company like mSpy is that many “users” will not know they need to change their iTunes account passwords because they don’t know they have the application installed in the first place!

Late last week, several publications reported that the database for Adult Friend Finder’s users was being sold online for the Bitcoin equivalent of about USD $17,000. Unfortunately, that same database seems to be circulating quickly around the Deep Web, including on the aforementioned Hell forum.

In an update posted to its site on Friday, AFF owner FriendFinder Networks sought to assure registered users there was no evidence that any financial information or passwords were compromised.

Nevertheless, the AFF breach clearly threatens to inundate breached users with tons more spam, and potentially makes it easy to identify subscribers in real life. Such a connection could expose users to blackmail attempts: I spent roughly 10 minutes popping email addresses from the leaked AFF users list into Facebook, and managed to locate more than a dozen active Facebook accounts apparently tied to married men.


According to a note posted by the aforementioned Hell moderator Ping (this user is also administrator of the Deep Web forum The Real Deal), the AFF database has been traded online since March 2015, but it only received widespread media attention last week.

Quelle: KrebsonSecurity