Researchers at VPNMentor were able to access almost more than one million user accounts associated with the pornographic website Luscious.
VPNMentor’s Noam Rotem and Ran Locar found 1.195 million records associated with the one million registered site users containing a variety of information that could be ruinous to the individuals if released. The nature of the breach itself was not disclosed.
The site allows its members to upload user-created animated content and then comment and discuss the content anonymously behind a username.
The breach compromises this anonymity by potentially allowing hackers to access the personal details of users, including their personal email address, usernames, user activity logs (date joined, most recent log in), country of residence/location and gender. Additionally, some email addresses contained the member’s full name expanding their exposure.
It is believed that about 20 percent of the email addresses that were supplied to Luscious are fake thus protecting those users from some harm.
“The highly sensitive and private nature of Luscious’ content makes users incredibly vulnerable to a range of attacks and exploitation by malicious hackers,” Rotem and Lotar wrote.
The PII exposed was just part of what the team uncovered. Also associated with each account are the number of image albums they had created, video uploads, comments, blog posts, favorites, followers and accounts followed and their user ID number.
The records exposed came from people located around the world with particular concentrations located in France, Germany and Russia. It was also noted that many users joined the site using government and company- issued email addresses thus exposing those organizations, as well.
“Activity on adult sites like Luscious is the most private in nature, and nobody ever expects it to be revealed. Its exposure could be ruinous for a victim’s relationships and personal lives. The information made available in Luscious’ databases gives criminal and malicious hackers many options to use this data for illicit gains and exploiting users,” the researchers said.
This exposure could lead to extortion, doxing and phishing schemes being launched against the account holders.
VPNMentor reported the issue to Luscious on August 15 and the situation was rectified by August 19. However, it is recommended that all Luscious account holders immediately change their login credentials as a safety measure.
