Adult Site Hacked; 800,000 Accounts Exposed

John Lister's picture

A hack of nearly 800,000 accounts on an adult entertainment site could be among the most embarrassing ever. The breach at "Brazzers" may expose some of the very personal tastes of the site's users.

The stolen data doesn't come from the main Brazzers site, which sells access to videos the company has made itself. Instead, it comes from the site's discussion forum, where users can discuss the scenes on the site and talk about what they'd like to see in future videos.

Passwords Stored Without Encryption

The data is said to include 790,724 email addresses (not including duplicate accounts) with the associated usernames and passwords. Shockingly, the passwords were stored as plain text. (Source: vice.com)

The problem doesn't appear to be with the security of the Brazzers site itself, but rather the software known as vBulletin which makes the discussion forum work. Vulnerabilities in that software have been blamed for breaches on other sites this year. In some cases, website operators have been too slow to apply updates to the software to keep their forums safe.

There's some confusion about how the main video site is affected. Brazzers management say some user accounts were shared between the two sites, implying customers reused their details. However, some users whose details appear on the stolen list say they never signed up to the forum.

No Financial Data Exposed

The good news for customers is that there's no suggestion any credit card data was compromised by the breach. Subscriber card details appear to have been kept completely separate to the password database.

The bad news is that it's a particularly embarrassing breach. It's not simply a case of subscribers to the site having their email addresses exposed, which could identify them as a paid consumer of adult content. Instead, the leaked data could identify individual posters on the forum -- even if they used a pseudonym as a user name -- and reveal exactly what they do and don't like in such videos, however unconventional. (Source: bbc.co.uk)

Such breaches are always a reminder that web users should use different login details for different sites to avoid one breach putting them at risk on multiple sites. In this specific case, analysts are also warning that it may be sensible to create a separate, non-identifying email address when signing up to sites users would prefer not to be publicly associated with.

What's Your Opinion?

Should providers of adult content be expected to take additional security measures to protect customers from possible embarrassment? Should such customers get sympathy after a breach, regardless of the content involved? Or should web users simply assume there's no guarantee anything they write online will stay anonymous?


Comments

Dennis Faas's picture

I don't know what my passwords are for every website I sign onto. I use Roboform to generate completely random passwords (example: "rn7nZ2E6h^3C@x^n"), and a fingerprint reader to access those passwords and to log me into Windows. Roboform fills in the forms (including login details and passwords) - I simply swipe my finger. It doesn't really get any easier than that. If you are using the same password on more than one website, you're going to be in a world of hurt because this sort of hacking will never stop.

stekcapofni's picture

#1 Should providers of adult content be expected to take additional security measures to protect customers from possible embarrassment?

Not from embarrassment, but from security breaches.

#2 Should such customers get sympathy after a breach, regardless of the content involved?

Sympathy? No. Regardless of the nature of the website. (Adult, religious, eBay, Walmart, etc.)

#3 Or should web users simply assume there's no guarantee anything they write online will stay anonymous?

YES!!! Never assume ANY online activity or accounts are secure.