Adult Site Data Breach: 7 TB of Personal Information Leaked
Quarantine influenced billions of people across the planet, leaving them alone with the question: what to do when you can only see the four walls and a balcony at best. The Internet has become a real salvation for humankind. Users work and learn online, escape boredom with books, movies, TV series — and adult sites, of course. These services break attendance records, but we can see some risks behind the scenes.
The most popular adult resources, like PornHub and xHamster almost simultaneously provided free access to premium content to Italians living in the areas most affected by the spread of COVID-19. PornHub went further and opened free access first for the whole Italy, then for Spain, and at the end of March — for the whole world. Naturally, it worked. Italians, who are already some of the top consumers of adult content, gave 57% more traffic a day. Coincidence or not, but five days later, the number of connections through Italy increased by 112%.
Overall, PornHub attendance increased by 19%. The xHamster is also growing: although representatives of the portal do not disclose accurate attendance data, the number of registrations increased by 22%, the site even had problems with user authorization. Yet, not only such giants of the recorded explicit content were impacted by the self-isolation, but some other kinds of entertainment, like the webcam industry. This is about adult live-streaming platform, CAM4.
Recently, the team of data security experts noticed a significant data breach, leading to the leak of billions of adult live-streaming records. This unprecedented event happened on a live-streaming website with adult shows — CAM4.com, owned by an Irish company Granity Entertainment. Its server’s database suddenly exceeded 7 TB, containing logs from March 16. What is more important, the size of this information was increasing dramatically, day to day.
As we know, the leaked data corresponded both to users of this adult website (mostly US), and the company itself. So, an incredible amount of information became at risk. Yet, Granity Entertainment was warned immediately, and the server was secured. Still, facts are facts.
What Do We Know About Cam4?
CAM4 is a live-streaming website, featuring “webcam models” who provide explicit content for the adult audience. For the most part, amateur cam performers use this platform to present their live streams, while the site users buy virtual credits to access some advanced features, like Gold shows, or tip the models they liked the most. Since CAM4 was established in 2007, it has paid out more than $100 million of performers’ payments.
What About Details?
The data of millions of users of the webcam site Cam4 already leaked to the network. A group of researchers notes that it is not known yet whether the attackers managed to use information about users for their purposes or not.
Community experts point out that they managed to access 7 terabytes of adult shows lovers’ data. Thus, they had at their disposal postal addresses, names, credit card data, country of origin, and all messages in the service.
Most of the information that leaked into the network is about U.S. residents. Presumably, we are talking about 6.5 million adult shows lovers who live in the United States.
The attackers seriously hit Brazilians — information about 5.3 users of the service and Italians — about 4.8 million — is shared.
As for fans of adult shows from Russia, it is worth worrying about 19.8 thousand Russian users.
On the contrary, the data of users from Middle West countries were not exposed because the adult content is banned at the governmental level there.
How and Why Did It Happen?
The security team was able to detect 26,392,701 entries with passwords hashes that corresponded to the ratio of hashes belonging to CAM4.com users. Altogether, a “few hundred entries” allowed access to full names, credit cards details, and payment information.
CAM4 logs clearly show all the users’ details, including usernames and passwords, activity, emails, and even login dates.
As we can see, webcam platforms are becoming more popular during the coronavirus isolation period, which has its risks. For instance, OnlyFans — a site whose subscribers access photos and videos of models — recorded a 75% increase in the number of newly registered users.
Top actors, who are more familiar to see in adult video studios, have previously learned webcam sites, but now their transition has been forced to accelerate. At the same time, it is pointed out that the webcam platforms are replenished not only by pornographic actresses. Strip clubs are closing, and more girls are moving online. So, for example, Fivestar is already preparing to promote personal shows of its actresses.
How Can Data Breach Harm You
Any information on your computer has value. Therefore, any data leakage can harm you. With access to logins and passwords, as well as bank cards and accounts, intruders steal money, industrial and enterprise secrets.
Loss of valuable information can occur if safety policy rules and regulations are misused. Failure to comply with data protection and retention policies results in data leakage and distribution in public places.
The consequences of leaks can be serious for both data owners and operators. For the first group, there are numerous risks of falling victim to intruders. They can suffer from:
- the disclosure of any information relevant to the person;
- the improper debit of funds from a credit card;
- interference with privacy;
- threats to children (in the case of publication in the media of data on schools where they study).
The minimum risk will be the improper transfer of information, such as e-mail addresses, to any companies that will start pursuing their owner with advertisements.
It is necessary to tighten liability for personal data leaks, no matter whether hackers stole them or owners forgot to set the password. The motivation here is simple: in addition to the data loss itself, which can hurt the company badly, this loss or discovery of open data is likely to become public. Social networks and media will write about it, and the blow to the reputation of the company will be sensitive.