Hackers Steal Sexual Proclivity Data

100K aficionados of hardcore fetish porn have been compromised after a niche web forum was hacked.

Independent researcher Troy Hunt, who runs the Have I Been Pwned? database of stolen user accounts, told the BBC that along with the usual data hauls of email addresses, usernames, IP addresses and passwords, this breach also included information about specific sexual proclivities that can be linked to individuals. Tantalizingly for the muckrakers out there, Hunt added that government and military email addresses were found among the trove.

"This is a forum where you would think people would want to stay private, but people were using traceable emails or even corporate emails," Hunt told the Beeb.

The site, which no one has yet named, was an easy target. It had been using unpatched software, so the thieves needed only to use a well-known exploit to download the entire database of registered accounts.

"It took advantage of a common vulnerability using an SQL injection," Hunt said. According to Hunt, some of the victims are repeat targets. About 37% of the accounts were already listed on Have I Been Pwned?

“This hack was the result of having an old system which did not have the appropriate security measures in place that would have protected them from such a hack,” David Navin, head of corporate at Smoothwall, said. “Many businesses will suffer similar issues—legacy systems are an issue in all sectors. To address this, it is essential that businesses start with the basics. Beginning with a firewall, encryption and good security software, if companies have those measures in place and continue to layer on top of that, then it will reduce the chances of a cyber-hack.”

He added, “Companies that deal in sensitive issues and collect data especially, should ensure that they have the latest technologies in place to protect their users, otherwise risk seriously harming their reputation and it could make it difficult to recover from.”

To protect one’s privacy, Hunt suggested that users "create an email account and make up a name and use something like the Tor browser so the IP address can't be traced back to you."

Some adult sites are taking an active role in user protection. Adult entertainment website Pornhub, for instance, is the latest firm to ask the white hat research community to help fortify it against attack, after launching a bug bounty program. Like many other firms, it has launched the program in partnership with the HackerOne platform, and is offering anywhere between $50 and $25,000 depending on the severity of the reported flaw.

Whether the hackers will try to ransom the stolen information has yet to be answered.

Infosecurity
