Adult FriendFinder 2015 Data Breach
ObscureIQ Breach Intelligence
High SeverityWebsite / service breach
AdultFriendFinder Platform Breach (2015): 3.6 Million User Accounts Including Sexual Orientation & Location Exposed
Adult-oriented dating and entertainment platform.
Verified by ObscureIQ Intelligence
65/100Breach Risk Index
40Data Value
25Market Recency
512dSince Breach
Breach Intelligence Summary
Entity: Adult FriendFinder · Actor: ROR[RG] · Sources: 3 references
Attack: Unknown
Profile: Company · Online dating and adult social platforms · Network of niche social platforms · Global
Timeline: Breach (2015-05-01) · Indexed (Dec 01, 2024) · Year (2015)
Exposure: 3.6M records · 10 fields: Date of Birth, Email Address, Ethnicity or Race, Gender, Geographic Location, IP Address, Relationship Status, Sexual Orientation, Spoken Language, Username
Status: Reported
Executive Summary
Adult FriendFinder, a major adult-oriented dating site operated by U.S.-based FriendFinder Networks, suffered a data breach in May 2015 attributed to a hacker using the alias ROR[RG]. The attacker initially sought a $100,000 ransom and then made the data publicly available when the demand was not met. The leaked dataset covered approximately 3.6 million user accounts.\n\nThe exposed records were unusually sensitive even by dating-site standards. Fields included email addresses, usernames, IP addresses, dates of birth, gender, race, spoken language, geographic location, relationship status, and stated sexual orientation. Many of the user-stated preferences were specific and identifying. The breach was the precursor to a much larger 2016 incident at the same company that exposed more than 412 million records across the broader FriendFinder Networks platform portfolio.\n\nFor affected individuals, the practical risk extends well beyond standard credential-reuse and phishing. The combination of identifiable contact data with self-reported sexual orientation and relationship status creates serious blackmail, extortion, doxxing, and outing risks. People in environments where their orientation, marital status, or activity could lead to personal, professional, or physical harm face the most acute exposure. Anyone who used the site should not respond to any extortion or blackmail attempt referencing the breach. Such messages are typically mass-targeted and rely on victims paying out of fear. Law enforcement and established victim-support and LGBTQ+ advocacy organizations should be the first point of contact rather than the sender of any such message.
ObscureIQ assessment: Exceptionally sensitive. This is not just a credential breach. It exposes intimate behavioral and identity data that can drive blackmail, coercion, reputational destruction, stalking, and discrimination.
Breach Impact
The 2015 incident produced limited regulatory penalty by current standards but significant reputational damage, and it contributed to a broader narrative of weak security culture at FriendFinder Networks that was reinforced by the much larger 2016 breach. There is no public record of substantial fines or class-action settlement tied specifically to the 2015 incident. Operationally, the company faced press scrutiny and forced password resets across the user base. The lasting institutional cost has been a sustained loss of trust among privacy-aware users and ongoing referencing of the incident in cybersecurity literature as an example of how adult-platform breaches inflict particular kinds of personal harm.
About Adult FriendFinder
Adult FriendFinder is the flagship adult-oriented dating and social-platform service operated by FriendFinder Networks, a U.S.-based parent company that runs a portfolio of related sites including Cams.com, Penthouse.com, and Stripshow.com. The platform is positioned as a community for casual hookups, swinging, and adult relationships, and it has been one of the larger services of its kind on the open web. The site collects unusually sensitive profile data including stated sexual orientation, relationship status, demographic markers, and geographic location to support its matching features.
Why They Hold Your Data
Adult dating and hookup services collect highly sensitive profile information including identity markers, sexual preferences, relationship status, demographic attributes, location indicators, and participation data.
Recent Developments
FriendFinder Networks suffered a much larger second breach in October 2016, which exposed more than 412 million accounts across its full portfolio of adult sites and is regarded as one of the largest breaches of its era. That incident dwarfed the 2015 disclosure in scale and reset public attention on the company. FriendFinder Networks remains operational, although its public profile in cybersecurity reporting has been defined by these two incidents. The company's password-storage and data-retention practices have been the subject of sustained criticism from researchers, including the discovery that supposedly deleted user records were retained indefinitely.
Data Points Exposed
10 verified field types
Date of Birth High
Email Address
Ethnicity or Race High
Gender
Geographic Location
IP Address
Relationship Status
Sexual Orientation High
Spoken Language
Username
Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.
Exploitation & Downstream Threats
Threat Activity:High
Primary downstream threats:
- Targeted phishing campaigns using exposed email addresses
- Doxxing risk from physical address exposure
Threat vectors:
- Identity verification bypass
- Phishing, credential stuffing & account takeover
- Profile enrichment
- Pattern-of-life analysis & physical surveillance
- Geolocation & account flagging
- Social engineering context
- Outing, blackmail & targeted violence
- Targeted phishing localization
- Cross-platform tracking & credential stuffing
Threat Actor: ROR[RG]
ROR[RG]
Unknown
Attribution and method are based on available breach intelligence. Reported attack vector: Unknown.
Recommended Actions
If you believe your information may be included:
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
Frequently Asked Questions
What happened in the Adult FriendFinder breach?▾
Adult FriendFinder, a major adult-oriented dating site operated by U.S.-based FriendFinder Networks, suffered a data breach in May 2015 attributed to a hacker using the alias ROR[RG]. The attacker initially sought a $100,000 ransom and then made the data publicly available when the demand was not…
What data was exposed?▾
Verified fields include Date of Birth, Email Address, Ethnicity or Race, Gender, Geographic Location, IP Address, Relationship Status, Sexual Orientation, Spoken Language, Username.
What should I do if I was affected?▾
Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.
Sources & References
Every claim on this page is traceable. This breach draws on:
Breach Index
Breach Index
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Protect Yourself
Check If You're Affected
Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.
High-Risk? Get an Exposure Audit
Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.
Request Consultation