Hackers Steal Sexual Proclivity Data

100K aficionados of hardcore fetish porn have been compromised after a niche web forum was hacked.

Independent researcher Troy Hunt, who runs the Have I Been Pwned? database of stolen user accounts, told the BBC that along with the usual data hauls of email addresses, usernames, IP addresses and passwords, this breach also included information about specific sexual proclivities that can be linked to individuals. Tantalizingly for the muckrakers out there, Hunt added that government and military email addresses were found among the trove.

"This is a forum where you would think people would want to stay private, but people were using traceable emails or even corporate emails," Hunt told the Beeb.

The site, which no one has yet named, was an easy target. It had been using unpatched software, so the thieves needed only to use a well-known exploit to download the entire database of registered accounts.

"It took advantage of a common vulnerability using an SQL injection," Hunt said. According to Hunt, some of the victims are repeat targets. About 37% of the accounts were already listed on Have I Been Pwned?

“This hack was the result of having an old system which did not have the appropriate security measures in place that would have protected them from such a hack,” David Navin, head of corporate at Smoothwall, said. “Many businesses will suffer similar issues—legacy systems are an issue in all sectors. To address this, it is essential that businesses start with the basics. Beginning with a firewall, encryption and good security software, if companies have those measures in place and continue to layer on top of that, then it will reduce the chances of a cyber-hack.”

He added, “Companies that deal in sensitive issues and collect data especially, should ensure that they have the latest technologies in place to protect their users, otherwise risk seriously harming their reputation and it could make it difficult to recover from.”

To protect one’s privacy, Hunt suggested that users "create an email account and make up a name and use something like the Tor browser so the IP address can't be traced back to you."

Some adult sites are taking an active role in user protection. Adult entertainment website Pornhub, for instance, is the latest firm to ask the white hat research community to help fortify it against attack, after launching a bug bounty program. Like many other firms, it has launched the program in partnership with the HackerOne platform, and is offering anywhere between $50 and $25,000 depending on the severity of the reported flaw.

Whether the hackers will hold the stolen information for ransom has yet to be answered.

Infosecurity
