Hackers Steal Sexual Proclivity Data

100K aficionados of hardcore fetish porn have been compromised after a niche web forum was hacked.

Independent researcher Troy Hunt, who runs the Have I Been Pwned? database of stolen user accounts, told the BBC that along with the usual data hauls of email addresses, usernames, IP addresses and passwords, this breach also included information about specific sexual proclivities that can be linked to individuals. Tantalizingly for the muckrakers out there, Hunt added that government and military email addresses were found among the trove.

"This is a forum where you would think people would want to stay private, but people were using traceable emails or even corporate emails," Hunt told the Beeb.

The site, which no one has yet named, was an easy target. It had been using unpatched software, so the thieves needed only to use a well-known exploit to download the entire database of registered accounts.

"It took advantage of a common vulnerability using an SQL injection," Hunt said. According to Hunt, some of the victims are repeat targets. About 37% of the accounts were already listed on Have I Been Pwned?

“This hack was the result of having an old system which did not have the appropriate security measures in place that would have protected them from such a hack,” David Navin, head of corporate at Smoothwall, said. “Many businesses will suffer similar issues—legacy systems are an issue in all sectors. To address this, it is essential that businesses start with the basics. Beginning with a firewall, encryption and good security software, if companies have those measures in place and continue to layer on top of that, then it will reduce the chances of a cyber-hack.”

He added, “Companies that deal in sensitive issues and collect data especially, should ensure that they have the latest technologies in place to protect their users, otherwise risk seriously harming their reputation and it could make it difficult to recover from.”

To protect one’s privacy, Hunt suggested that users "create an email account and make up a name and use something like the Tor browser so the IP address can't be traced back to you."

Some adult sites are taking an active role in user protection. Adult entertainment website Pornhub, for instance, is the latest firm to ask the white hat research community to help fortify it against attack, after launching a bug bounty program. Like many other firms, it has launched the program in partnership with the HackerOne platform, and is offering anywhere between $50 and $25,000 depending on the severity of the reported flaw.

Whether the hackers will try to ransom the stolen information has yet to be answered.

Infosecurity
