A data breach of porn site Brazzers has compromised emails, usernames and even plain-text passwords, according to reports.
The hackers gained access to the accounts by accessing ‘porn forums’ where account holders can comment and discuss certain videos.
The data leak has been blamed by Brazzers on security flaws found in a piece of forum-building software called vBulletin, which has previously been exposed by hackers in other website forums.
In a previous hack – on a Grand Theft Auto gaming forum – that exposed the vBulletin software it was necessary to permanently close the forum, and move the account database to a more secure authentication system.
Here all traces of vBulletin software were removed.
“This kind of hack highlights the complexity of maintaining personal privacy and security online, and keeping your private life private. Although this particular incident concerns an adult site the flaw came from a piece of generic shared software that is also used on many other sites,” said Jon Geater, chief technology officer from Thales e-Security.
>See also: Instragram under attack by porn hackers
Matt Stevens, a public relation manager at Brazzers, told Motherboard that the breach matches an incident that occurred in 2012, and led to accounts being exposed as user’s details were shared between Brazzers and ‘Brazzersforum’.
While, the data was stolen in 2012/3 it has only been identified now, by a breach notification website called vigilante.pw., listing 790,724 leaked account details.
The authenticity of these account details has been verified by Australian cyber security researcher Troy Hunt, who runs a data breach repository called HaveIBeenPwned.com.
Hunt told Motherboard in an email that there has been a real “spate of vBulletin breaches where the software had been left pretty much unattended and unloved”.
“Vulnerabilities have been found and patches have been issued yet the admins have maintained the product and very well-known, easily exploited vulnerabilities have led to breaches like this one.”
>See also: 1 in 10 Brits watch porn at work despite known cyber risks
This privacy breach follows other major data leaks this year of organisations, like LinkedIn.
But the nature of this hack is that much more personal, given the elements exposed: porn fans discussing videos in a supposed safe haven.
Cyber security commentator Graham Cluley said that it’s a “goldmine for spammers wishing to promote other adult services or – more sinisterly – attempt to export money through blackmail threats”.
Data breaches like this one emphasise the importance of regularly changing passwords, to maximise privacy (and security) protection in all walks of internet use.
Going further still, as Geater points out, this “latest breach underlines the clear requirement for advanced cyber-security techniques – such as robust encryption – that protect organisations from allowing hackers to penetrate their networks and access potentially sensitive user data.”
