Popular adult site (actually, just popular site will do) YouPorn is under fire after user data was lifted and exposed. In all, millions were said to have been affected, with thousands still currently exposed after much of the data was posted on pastebin.
First reported by Anders Nilsson at EuroSecure, info for millions of users of YouPorn’s chat service was accessible for a brief time before the specific server was taken down. It appears that only emails and passwords were exposed. And it also looks like someone might be out of a job:
“Looking at the data, it seems like a careless programmer accidentally(?!) left debug logging on to a publicly accessible URL as early as November 2007, and it has been storing all registrations ever since,” says Nilsson. “Yesterday, it was found, probably by “accident” by someone sweeping websites for publicly accessible, but non-linked (“hidden”) folders, looking for.. either porn or sensitive material like this, and struck gold.”
Of course, it’s easy to laugh at this kind of data breach (can you imagine what would happen when the leaked users’ significant others found out they were chatting – on porn sites. And as far as hacks go, there’s a case to be made that of all the targets, YouPorn is definitely one for the lulz. But the problem is that email and password leaks go beyond reputation tarnishing (although that is a consideration). People uses the same email and password combinations for logins all across the web. A simple porn breach could end up being a much more serious type of breach.
http://t.co/6YUFB6MZ | Article: http://t.co/6Jo8qZrY
HACKED: ~6400 YouPorn logins and passes stored in plaintext – Leak:It’s important to note that this tweet isn’t a claim to responsibility. This Anonymous account tweets out news from around the web. One other “anonymous” account tweeted at the YouPorn twitter account to which they responded:
http://t.co/oiTqKhoK for the lulz #Anonymous @YouPorn
YouPorn HACKED, emails+passwords –Here’s what they had to say about it on the YouPorn blog:
YouPorn.com has not suffered a breach of security. YouPorn.com users can rest assured, no data has been exposed.
The real focus of the recent news is YP Chat, an entirely separate service that was linked to from YouPorn.com. The chat service is owned and operated by a third party and is in no way associated with YouPorn.com. YP Chat is hosted on separate non-YouPorn servers and a security issue on said servers in no way creates a gateway to YouPorn.com’s secure data.
As soon as we, at YouPorn.com, became aware of the issue we took immediate steps to block access to YP Chat entirely and a thorough investigation was launched to evaluate the scope of the issue.
The pastebin data dump currently shows the email addresses and passwords of just under 6400 users.
[H/t Sophos NakedSecurity]