A website advertising sexually explicit videos starring Paris Hilton — as well as personal mementos lost by the imprisoned heiress — exposed the credit card numbers and personal information of 750 subscribers earlier this month, according to an online report.
According to a June 13 report on The Smoking Gun, the website was tipped off by a reader that a subscriber list on parisexposed.com could be easily accessed by changing a few numbers in the site's URL.
The victims had subscribed after the site’s re-launch following a federal injunction against it.
Exposed were subscribers’ names, email addresses, passwords, phone numbers, mailing addresses and credit card numbers. The victims had signed up for a "re-launch special" that cost $19.97 for a 30-day subscription.
The list of personal information was removed from the site last week, according to The Smoking Gun, which reported that the site revealed the personal information of subscribers from across the United States and 27 foreign countries, including the son of one unnamed U.S. television personality.
Contact forms to reach the operators of parisexposed.com required the last four digits of a credit card number used to subscribe to the site.
The website claims to have contents of a Hilton storage unit containing an exclusive sex tape made with Joe Francis, the founder of Girls Gone Wild, personal videos from birthday parties, love letters from ex-boyfriend Nick Carter of Backstreet Boys fame and a list of other celebrities’ phone numbers.
Ron O’Brien, senior security analyst at Sophos, told SCMagazine.com today that end-users should be cautious when supplying their credit card information.
"The manner and the extent that a number of websites were created is that, by their nature, they’re not secure. So someone who knows how to program is able to hack into it if the website is not secured, and a combination of a non-secured website and social engineering techniques can often lead to [data breaches]," he said. "We’ve seen instances where [attackers have used] the name of a celebrity, or a video to spread malware. But in this particular instance, it looks like they were collecting data and someone was able to hack into the site and collect the data."
Two months ago, a group of hackers promised nude pictures of Hilton, Britney Spears and porn star Jenna Jameson as image spam lures for malware.
Get more IT security news. Click here for SC Magazine Blogs.
