Naughty America data breach: Millions of porn users' account details being sold on Dark Web
A hacker on the Dark Web claims to have stolen the account details of 3.2 million people who use the pornographic movie site Naughty America, as well as gay porn site Suite703 and some related forums.
You would think that selling stolen databases of details relating to users who paid for a service online would be lucrative, but the hacker, who goes by the name of "Peace", posted on the underground marketplace The Real Deal that he was putting the account details on sale for a measly sum of just 0.7048 bitcoins, which is approximately $300 (£208, €263).
Forbes investigated the claim, downloading a small sample of details from The Real Deal and then contacting some of the individuals in the leaks to see if they were real users.
Four individuals responded that they were indeed members of Naughty America and Suite703 and now intended to change their passwords, but two other individuals said that they had cancelled their subscriptions over a year ago, and it seems that Naughty America was still holding onto their account details.
It is thought that the account details were being sold for such a cheap sum on the Dark Web because Naughty America had protected the passwords using bcrypt, a strong cryptographic algorithm, so the passwords were hashed and would require a long time to crack into.
Hacks of adult websites on the rise
"Naughty America has been providing high quality online adult entertainment for over a decade and takes the privacy and data security of its members extremely seriously," Naughty America's CIO Ian Paul told Forbes. "We have launched an investigation and are conducting a thorough scan of our systems and an audit of our security protocols. We will continue to take the appropriate steps to further ensure our customers' data security.
"It should be noted that Naughty America utilises independent third-party payment processors to collect, maintain and store its users' financial information. The security of this data has not been called into question."
Since the infamous hack of the extramarital affairs website Ashley Madison in July 2015, there has been a rising trend in adult websites being breached by hackers, such as the hack of porn site TeamSkeet and the porn network Paper Street Media (PSM) in April, which exposed the email addresses, plaintext passwords and IP addresses of 237,000 users.
Prior to that, in February, account details relating to over 27 million users of the dating website Mate1 were leaked onto the Hell forum on the Dark Web. The data was offered for sale for 20 bitcoins ($8,600, £6,121) and is believed to have included information about the users' income levels, sexual fetishes and even drug use.
© Copyright IBTimes 2024. All rights reserved.