The Washington Post

Online dating is more normal than ever. But it also comes with new risks.

(AP Photo/Damian Dovarganes)

The sexual orientations and personal details of millions of Internet users may have been exposed in an alleged breach of a social networking site aimed at intimate encounters. But it's just the latest sign that Internet users looking for love online -- or just hoping to hook up -- face privacy and security risks they might not expect.

The hack, first reported on by British outlet Channel 4 News last week, reportedly resulted in the information of nearly 4 million members of Adult FriendFinder leaking onto an online forum frequented by hackers. In addition to sexual orientation, the data allegedly revealed included e-mail addresses, usernames, dates of birth, postal codes, the unique Internet addresses associated with users' computers and whether members were looking for extramarital affairs.

Even being revealed as a member of Adult FriendFinder might be embarrassment enough for some: The site is, as its name suggests, "adult" in nature. Don't visit it on your work computer.

Penthouse Media Group acquired it along with the rest of its network, which also includes less risque sites aimed at religious and senior daters among others, back in 2007. That was around the same time Adult FriendFinder settled with the Federal Trade Commission for allegedly foisting "sexually explicit online pop-up ads on unwitting consumers" who weren't looking for porn, including children.

The company that now runs both Penthouse and Adult FriendFinder, renamed FriendFinder Networks, did not immediately respond to a Washington Post inquiry about the alleged privacy breach. However, a note posted to the company's Web site said it is investigating the incident -- and has involved the FBI and cybersecurity company FireEye.

Using the Internet for love, or at least sex, is becoming a staple of modern life. More than one in five Americans between ages 25 and 35 have used an online dating site or app, according to Pew Research. "Swiping right," as Tinder users do to signal interest in other profiles on the app, is already slang.

And while Adult FriendFinder is on one extreme of the burgeoning digital romance market, the whole sector is based on information about users' most intimate desires. Mainstream site OKCupid, for instance, asks users to fill out quizzes that cover everything from their sexual proclivities to drug habits.

That's the kind of information that might wreak some real havoc on a person's personal or professional life if publicly exposed. Still, users are handing it over, en masse, to a company that performs social experiments on them and shares their data with companies in the advertising industry.

Yet the specter raised by Adult FriendFinder's apparent hack is a different kind of threat than a company trying to use data to figure out how best to match people or leaking the info to other companies: It risks wholesale exposure of information in an era when it is basically impossible to put the data genie back in the bottle.

What users should really take away from the incident is that the privacy of the information they share with these sites is only as good as their security practices. And, unfortunately, there's evidence that Adult FriendFinder isn't the only site that has issues in that department.

Back in 2013, the Verge reported a security gaffe with OkCupid's "login instantly" feature that could allow people to access their friends' accounts if they were forwarded an e-mail from the service. Just last month, Ars Technica reported that wasn't encrypting users' login credentials -- leaving them vulnerable to snooping if users logged in to the site from a public network, for example. And other dating sites have suffered actual data breaches -- including eHarmony, from which more than a million user passwords were stolen in 2012.

Unfortunately, consumers don't have a lot of options for evaluating the security of dating services, according to Jonathan Mayer, a computer scientist and lawyer affiliated with Stanford's Center for Internet and Society. And the explosion of services in the market means that start-ups may not be putting users' privacy first.

"Young apps often don't prioritize security and privacy," he said. "Growth is everything in the start-up space -- and that can come at users' expense."

Mayer is also concerned about the trend of using logins for other social networks in dating apps. Instead of having users pull out a complete profile, they ask them to connect with their Facebook or LinkedIn pages -- pulling pictures or text to prepopulate their account. But that could mean even bigger problems if a breach occurs, Mayer said. "That means a compromise of those services won't just give information about things you deliberately shared with the dating site, but could expose otherwise private information associated with your primary social media accounts."

Online daters also face another risk: being scammed by other users. An FBI report released earlier this year showed that "confidence fraud and romance" scams are a major vector for online fraud. The agency received nearly 6,000 complaints about those kinds of schemes last year from people who reported being swindled out of a total of over $82 million.

One recent academic study of a Chinese dating site found scammers resorting to some pretty creative methods. One scheme involved building up an online relationship with a victim before convincing the person to buy an expensive flower basket as a sign of commitment -- the fraudster then got a cut from the florist.
