The hacker, known online as Peace of Mind has posted an advertisement on The Real Deal market – a place frequently used by hackers trying to sell stolen data – demanding approximately 0.6450 Bitcoin for the cache.
According to a sample obtained by Motherboard, the data contains the email addresses, usernames, clear-text passwords, IP addresses and dates of birth of 40,769,652 registered users.
The data has now been sold for 0.8888 Bitcoin, the equivalent of around $400.
Using the sample information provided, the site confirmed that out of 101 email addresses it examined, only 61 were already in use on Fling.
It also found that within the data, accounts were flagged with various settings, including “admin_disabled,” “user_disabled,” or “active”, however this showed no indication as to whether each email address was already in use or not on Fling.
Speaking about the data, Hunt said: “Fling could look at the info in that file and have absolute certainty that it came from their system.
“You can’t fabricate internal identifiers and time stamps and not be caught out as a fraud when they’re compared to an internal system.”
Fling confirms data breach
The adult social network – which claims to have 50m real members – has now verified the breach, but has also stated that the details were obtained as a result of a five-year-old data hack, which occurred back in 2011.
Responding to the hack, the owner of the Fling.com domain told Motherboard: “We take internet security very seriously.
“Our site is free to join and we do not store any credit card information. We’ve investigated the sample data and it is from a breach that happened in 2011.”
Existing Fling users are now being advised to change their password as a precaution, especially if the same password has been used on other services.
This attack follows a number of other recent security breaches witnessed by dating companies, which have also seen the personal details of users stolen and posted online.
Earlier this month, a hacker claimed to have 57m user details that were stolen from dating site Zoosk, however this was proven false following an analysis by Troy Hunt.
And in April, elite dating site BeautifulPeople.com confirmed it had also suffered a data hack, leading to the personal details and private messages of 1.1m users appearing on the deep web.