Hackers Steal Sexual Proclivity Data

Uploaded on 2016-06-05 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

100K Aficionados of hardcore fetish porn have been compromised after a niche web forum was hacked.

Independent researcher Troy Hunt, who runs the Have I Been Pwned? database of stolen user accounts, told the BBC that along with the usual data hauls of email addresses, usernames, IP addresses and passwords, this breach also included information about specific sexual proclivities that can be linked to individuals. Tantalizingly for the muckrakers out there, Hunt added that government and military email addresses were found among the trove.

"This is a forum where you would think people would want to stay private, but people were using traceable emails or even corporate emails," Hunt told the Beeb.

The site, which no one has yet named, was an easy target. It had been using unpatched software, so the thieves needed only to use a well-known exploit to download the entire database of registered accounts.

"It took advantage of a common vulnerability using an SQL injection," Hunt said. According to Hunt, some of the victims are repeat targets. About 37% of the accounts were already listed on Have I Been Pwned?

“This hack was the result of having an old system which did not have the appropriate security measures in place that would have protected them from such a hack,”

David Navin, head of corporate at Smoothwall, said. “Many businesses will suffer similar issues—legacy systems are an issue in all sectors. To address this, it is essential that businesses start with the basics. Beginning with a firewall, encryption and good security software, if companies have those measures in place and continue to layer on top of that, then it will reduce the chances of a cyber-hack.”

He added, “Companies that deal in sensitive issues and collect data especially, should ensure that they have the latest technologies in place to protect their users, otherwise risk seriously harming their reputation and it could make it difficult to recover from.”

To protect one’s privacy, Hunt suggested that users "create an email account and make up a name and use something like the Tor browser so the IP address can't be traced back to you.”

Some adult sites are taking an active role in user protection. Adult entertainment website Pornhub for instance is the latest firm to ask the white hat research community to help fortify it against attack, after launching a bug bounty program. Like many other firms, it has launched the program in partnership with the HackerOne platform, and is offering anywhere between $50 and $25,000 depending on the severity of the reported flaw.

The question of whether the hackers will threat-ransom the stolen info has yet to be answered.

Infosecurity

« Navigating The Cyber-Threat Landscape
Robots Won’t Only Take Jobs They Will Also Create Jobs »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

PhishLabs

PhishLabs

PhishLabs provides 24/7 services that help organizations protect against the cyberattacks targeting their employees, their customers and their brands.

Chainalysis

Chainalysis

Chainalysis provides blockchain analysis software to prevent, detect and investigate cryptocurrency money laundering, fraud and compliance violations.

Redshift Consulting

Redshift Consulting

Redshift is an information management and information security consulting company offering a full range of services from infrastructure design to security assessments and network monitoring.

Cyber Security Academy (CSA)

Cyber Security Academy (CSA)

The CSA aims to educate professionals who wish to contribute to strengthening the digital defensibility of states, organisations and individual citizens.

Hacken

Hacken

Hacken provide a range of cybersecurity services including security assessments, blockchain security audits, and secure software development.

ArcRan Information Technology

ArcRan Information Technology

ArcRan concentrates on developing comprehensive cybersecurity solutions for smart city applications. We believe that cybersecurity is the fundamental enabler of IoT development.

DreamIt Ventures

DreamIt Ventures

DreamIt Ventures is an early stage venture fund that accelerates startups building transformative tech products in the fields of Healthtech, Securetech, and Urbantech.

KDM Analytics

KDM Analytics

KDM Analytics software products automate the NIST risk management framework (RMF) assessment for operational technology (OT) systems.

Periculus

Periculus

Periculus makes managing digital risk simple. Its integrated platform offers access to purchase cyber insurance and cyber security solutions uniquely tailored to fit the needs of every business.

Open Data Security (ODS)

Open Data Security (ODS)

Open Data Security is a market leader in the information security sector, offering services to companies, governments and individuals, helping them shield from hackers and cyber attacks.

ID R&D

ID R&D

ID R&D is an award-winning provider of AI-based facial liveness, document liveness, and voice biometrics.

Intel Ignite

Intel Ignite

Intel Ignite is an internationally renowned acceleration program for early-stage deep tech startups.

Technology Mindz

Technology Mindz

Technology Mindz is a leading provider of cybersecurity services. We offer a wide range of services to help businesses. Our services are Identity and access management, Governance risk and compliance.

Saudi Information Technology Company (SITE)

Saudi Information Technology Company (SITE)

SITE is a forward-thinking enterprise, which aims at revitalizing Saudi Arabia’s digital infrastructure, cybersecurity, software development, and big data and analytics capabilities.

SecuCenter

SecuCenter

Secucenter is a trusted partner for SOC services, offering security expertise in a cost-effective way.

Prequel

Prequel

Prequel is your real-time problem detection and resolution platform, powered by the global reliability community.