HIGH SEVERITYAdult

Adult FriendFinder Data Breach

AdultFriendFinder Platform Breach (2015): 3.6 Million User Accounts Including Sexual Orientation & Location Exposed

Adult-oriented dating and entertainment platform.

Verified by ObscureIQ Intelligence

X in f @

7.0Severity

3.6MRecords

10Fields

2015Year

ObscureIQ Breach Intelligence Scores

10.0

Breach Risk Index

Data Value

Market Recency

512

days

Since Breach

⚡ Risk Interpretation

Exceptionally sensitive. This is not just a credential breach. It exposes intimate behavioral and identity data that can drive blackmail, coercion, reputational destruction, stalking, and discrimination.

🎯 Impact & Downstream Threats

The 2015 incident produced limited regulatory penalty by current standards but significant reputational damage, and it contributed to a broader narrative of weak security culture at FriendFinder Networks that was reinforced by the much larger 2016 breach. There is no public record of substantial fines or class-action settlement tied specifically to the 2015 incident. Operationally, the company faced press scrutiny and forced password resets across the user base. The lasting institutional cost ha

Primary downstream threats:

Targeted phishing campaigns using exposed email addresses
Doxxing risk from physical address exposure

🔓 Threat Vectors

Identity verification bypass

Phishing, credential stuffing & account takeover

Profile enrichment

Pattern-of-life analysis & physical surveillance

Geolocation & account flagging

Social engineering context

Outing, blackmail & targeted violence

Targeted phishing localization

Cross-platform tracking & credential stuffing

📋 Breach Intelligence

EntityAdult FriendFinder (FriendFinder Networks)

OrganizationPrivate Company • USA / Global

Breach Date2015-05-01

DBC Added2024-12-01

Added Date2024-12-01

Records~3.6M (3,600,331 records)

Attack VectorUnknown

Threat ActorROR[RG]

Data SubjectsUser

Breach PathwayDirect

SourceHave I Been Pwned / DataBreach.com / ObscureIQ ↗

SensitivityRestricted

Breach ID57;58

StatusConfirmed

📝 Executive Summary

Adult FriendFinder, a major adult-oriented dating site operated by U.S.-based FriendFinder Networks, suffered a data breach in May 2015 attributed to a hacker using the alias ROR[RG]. The attacker initially sought a $100,000 ransom and then made the data publicly available when the demand was not met. The leaked dataset covered approximately 3.6 million user accounts.\n\nThe exposed records were unusually sensitive even by dating-site standards. Fields included email addresses, usernames, IP addresses, dates of birth, gender, race, spoken language, geographic location, relationship status, and stated sexual orientation. Many of the user-stated preferences were specific and identifying. The breach was the precursor to a much larger 2016 incident at the same company that exposed more than 412 million records across the broader FriendFinder Networks platform portfolio.\n\nFor affected individuals, the practical risk extends well beyond standard credential-reuse and phishing. The combination of identifiable contact data with self-reported sexual orientation and relationship status creates serious blackmail, extortion, doxxing, and outing risks. People in environments where their orientation, marital status, or activity could lead to personal, professional, or physical harm face the most acute exposure. Anyone who used the site should not respond to any extortion or blackmail attempt referencing the breach. Such messages are typically mass-targeted and rely on victims paying out of fear. Law enforcement and established victim-support and LGBTQ+ advocacy organizations should be the first point of contact rather than the sender of any such message.

🏢 About Adult FriendFinder

Adult FriendFinder is the flagship adult-oriented dating and social-platform service operated by FriendFinder Networks, a U.S.-based parent company that runs a portfolio of related sites including Cams.com, Penthouse.com, and Stripshow.com. The platform is positioned as a community for casual hookups, swinging, and adult relationships, and it has been one of the larger services of its kind on the open web. The site collects unusually sensitive profile data including stated sexual orientation, relationship status, demographic markers, and geographic location to support its matching features.

Company | Online dating and adult social platforms | Network of niche social platforms | Global

Private CompanyUSA / Globalfriendfinder.com

🗂 Why They Hold Your Data

Adult dating and hookup services collect highly sensitive profile information including identity markers, sexual preferences, relationship status, demographic attributes, location indicators, and participation data.

📰 Recent Developments

FriendFinder Networks suffered a much larger second breach in October 2016, which exposed more than 412 million accounts across its full portfolio of adult sites and is regarded as one of the largest breaches of its era. That incident dwarfed the 2015 disclosure in scale and reset public attention on the company. FriendFinder Networks remains operational, although its public profile in cybersecurity reporting has been defined by these two incidents. The company's password-storage and data-retention practices have been the subject of sustained criticism from researchers, including the discovery that supposedly deleted user records were retained indefinitely.

🔍 Data Points Exposed

10 verified field types:

IP Address

Email;Dates of birth

Genders

Geographic locations

IP addresses

Races

Relationship statuses

Sexual orientations

Spoken languages

Usernames

Exposure Categories

LocationGEO LOCS

Canonical Fields

date_of_birth, email_address, ethnicity_or_race:race, gender, geographic_locations, ip_address, relationship_status, sexual_orientation, spoken_language, username