The forum was closed soon after data from the breach started circulating
The names of almost 800,000 registered users of porn site Brazzers have been exposed in a data breach.
The account details were taken from forums associated with the site on which porn fans discuss favourite scenes and performers.
It is thought attackers stole data using vulnerabilities in the vBulletin software used to run the chat forum.
Brazzers said it had taken measures to stop fraudsters re-using login names found in the list.
'Intimate thoughts'
News website Motherboard said the information about Brazzers users was passed to it by Vigilante.pw, which monitors breaches. The dump of data includes email addresses, user names and passwords spelled out in plain text. Many firms typically digitally scramble or encrypt passwords to protect them even if they go astray.
The data was taken from the Brazzersforum site that was set up for users, but it appears that many people who signed up for the chat forums used the same logins and passwords on the main porn site. The data was stolen in 2013 but has only now come to light.
Security researcher Troy Hunt confirmed that the data in the dump was accurate by checking some of the details via the database of stolen credentials he maintains.
Mr Hunt told Motherboard that the release of the data was potentially more embarrassing than just knowing someone was a member of a porn site because, if someone used the stolen logins, they could see private conversations about sexual preferences.
"Problem with a hack like that is it's a forum," he said. "Worse than just adult website creds, this is what people were talking and fantasizing about."
In a statement, Brazzers confirmed that the breach occurred via the vBulletin software used to keep the forum running.
Mr Hunt said the widely used vBulletin software was often poorly maintained by forum administrators who did not apply the latest security patches, leaving sites vulnerable to attack. Several recent breaches had all been traced back to vBulletin, he added.
Brazzers said it had taken "corrective measures" to protect users and stop credentials being re-used.