'Hackers' uncover Pornhub's entire user database, get $20,000 reward
Adult website's private user details and browsing habits found by white-hat security researchers.
The private details of visitors to Pornhub, the largest adult website in the world, could have been easily exposed after cybersecurity researchers discovered a glaring vulnerability in the site that revealed its entire user database and users' browsing habits.
Thankfully, for those on that database, the discovery was made by white-hat hackers (who hack for good), who shared the information with Pornhub's developers in order to highlight the flaw and bolster security. In return, they were rewarded with a $20,000 bug bounty for their work.
The team of computer experts included Ruslan Habalov, a computer science student, who explained on his blog that they found two use-after-free vulnerabilities in PHP's garbage collection algorithm. The post said that by gaining remote code execution they would have been able to do anything from "dump the complete database of pornhub.com including all sensitive user information" to "track and observe user behaviour on the platform and leak the complete available source code of all sites hosted on the server."
"We have taken the perspective of an advanced attacker with the full intent to get as deep as possible into the system, focusing on one main goal: gaining remote code execution capabilities. Thus, we left no stone unturned and attacked what Pornhub is built upon: PHP," said Habalov.
Pornhub bug bounty
Pornhub clearly has a vested interest in keeping its user base, as well as those who upload videos to the adult site, confidential, since a leak could expose performers' identities. It therefore runs a 'bug bounty', a reward programme that pays out up to $25,000 to anyone who spots a security fault in its system. The reported fault was hastily patched by the Pornhub team. It may seem counter-intuitive to invite experts to poke around its cybersecurity, but clearly the cash bounty was more appealing than the online panic that would have been caused by releasing the data.
"As you can see, offering high bug bounties can motivate security researchers to find bugs in underlying software. This positively impacts other sites and unrelated services as well," said the white-hatters.
As one of the world's most visited websites, Pornhub is a constant target for malicious cyberattackers. One hacker claimed to have sold access to its servers for $1000, although this turned out to be a hoax. Malware is another big problem: attackers try to get users to click on links that lead them away to another site, which could install viruses to glean personal information, or ransomware, which will lock the whole computer unless a ransom is paid.
© Copyright IBTimes 2024. All rights reserved.