WASHINGTON (AP) — The Associated Press reported Thursday that someone with access to Ohio Republican Senate candidate Bernie Moreno’s work email account created a profile on an adult website in late 2008 seeking casual sexual encounters with men.
The story was based on records from a number of publicly available sources of information, including a 2016 database leaked from the Adult Friend Finder website, existing records the site makes available online about past and current profiles, property records and job applications, as well as archived versions of the websites of Adult Friend Finder and of businesses Moreno once owned.
The AP could not definitively confirm whether the profile was created by Moreno himself.
Questions about the profile have been circulating in GOP circles for the past month. On Thursday evening, two days after the AP first asked Moreno’s campaign about the account, the candidate’s lawyer said a former intern created the account as a joke. The attorney filed a statement saying intern Dan Ricci created the account as “part of a prank on teenagers.”
“I am completely ashamed of a botched prank I pulled on my friend and former boss Bernie Moreno nearly twenty years ago,” Ricci said. The AP could not independently verify Ricci’s statement, and he did not immediately respond to a request for comment. Ricci donated $6,599 to Moreno’s campaign last year, according to campaign finance records.
Moreno’s attorney, Charles Harder, insisted Moreno “had nothing to do with the AFF account.”
The AP reported the story like this:
BIG DATA BREACHES
In 2016, the Adult Friend Finder website suffered a massive and well-documented data breach that exposed the personal information of millions of users, including numerous old accounts that appeared to have been previously closed or dormant. The incident, which was widely reported at the time, was the second such breach on the website, following a smaller leak the previous year.
This data remains available online. The AP found the files, downloaded them from a public location, and matched the contents with previous reports on the size and nature of the leaked data.
The data included a unique account number as well as a work email address (bernie@clevelandporsche.com) once listed for Moreno on the website of a dealership he owned. A username, “nardo19672,” was also listed.
Jake Williams, a prominent cybersecurity researcher and former National Security Agency hacker, independently confirmed that the email address was included in a copy of the leaked data.
Using a website called the Wayback Machine, which preserves online data so it can be retrieved later, even after a site has edited or removed it, the AP confirmed that the email address was publicly listed as Moreno’s. While Moreno’s company page lists the address as his own in 2010, internet domain name registration applications show that the domain clevelandporsche.com was owned by one of Moreno’s companies in 2008, when the account was created.
According to an archived copy of the site from 2008, to finish creating an account on Adult Friend Finder and successfully log in at that time, a user needed access to the email address used to create the account. That is where the password needed to log in was sent, according to the company.
“Adult Friend Finder only requires a valid email address to sign up for this site, because you cannot receive your password without one,” the company said on its website in 2008.
Data obtained by the AP shows that the account was authenticated by someone with access to Moreno’s work email address about two minutes after it was created.
‘WE ARE LOOKING FOR YOUNG PEOPLE TO HAVE FUN TOGETHER’
The AP used the unique account number obtained from the leaked data to retrieve additional information for the online profile from a public data portal, known as an API, on Adult Friend Finder’s website. It showed that the account was created in late 2008 and was used for about six hours.
Beyond the work email, geolocation data shows the account was set up for use in a part of Fort Lauderdale, Florida, where property records show Moreno’s parents owned a home at the time. The account’s username – nardo19672 – appears to refer to Moreno’s full name, Bernardo, as well as the year and month of his birth, February 1967.
The profile, which can be viewed online, lists Moreno’s correct date of birth.
Metadata obtained from Adult Friend Finder shows that the profile’s creator is interested in meeting “men for one-on-one sex,” states that they would “prefer not to say” what their marital status is, and declines to disclose their sexual orientation.
The photoless profile reads, “Hello, I’m looking for young men to have fun while traveling.”
Cybersecurity experts say the account was most likely closed, but the company still stored the data and made it publicly searchable. The username in the leaked data began with “rm_”, a common marker used by programmers to indicate that an account has been removed or closed.
But as was often the case before new rules protecting personal information came into force, websites did not fully delete data.
Williams, noting that a similar incident occurred when data was leaked from the Ashley Madison website, which serves married individuals looking for a relationship, said, “It is very common for them to keep these accounts. ‘How do they have this? I deleted this years ago.’ The answer is: Your stuff isn’t actually deleted.”
___
Associated Press data reporter Larry Fenn contributed to this report.