Users of Friendfinder Network, Inc.’s Adult FriendFinder may have more to fear than their sexual preferences being leaked, with a hacker offering for sale an “unredacted” version of the stolen data from the service that may include credit card information.

The hacker, who goes by the username of ROR[RG] wrote on a Darknet Forum on Saturday that “I have had so many people ask me to buy the db today” that he was willing to sell the unredacted version.

The cost for the database that includes full details of 3.9 million users? 70 Bitcoins, or at today’s XBT/USD exchange rate $16,666.

If buying the details of Adult FriendFinder users isn’t your cup of tea, the very same hacker is offering his services to hack any other website for 700 Bitcoins, or $166,659.

Although exactly what is included in the unredacted data was not specified by the hacker, various security sites have reported that the redacted data so far released for free includes a column “paymenttype,” with most being empty, but a few indicate “cc” for credit card; realistically the only value proposition in the sale of the hacked data over what has already been released would have to be credit card details.

Fifteen files of data from Adult FriendFinder were discovered on the DarkWeb last week and included sexual preferences of users, whether they’re gay or straight, and if they are looking to cheat on a spouse, along with less risque details such as email addresses, usernames, dates of birth, postal codes and IP addresses of users.

As we reported May 21st, given the personal nature of the material Adult FriendFinder users are likely to be targeted heavily by spam and potentially even blackmailed, and there have already been confirmed reports of users targeted by spam that included malware and trojans.

The addition of credit card data to that list just opens a pandora’s box of extra pain to the 3.9 million users who have had their data compromised in the hack.

As of Monday FriendFinder Networks continues to maintain a stance of partial denial, saying that “there is no evidence that any financial information or passwords were compromised;” whether that’s a part admission that some information is out there isn’t clear.

If you’re an Adult FriendFinder user and are worried your details are out there, you can use the site Have I Been Pwned to see if your email address or username was included in the hacked data.

Image credit: mimi-chen/Flickr/CC by 2.0