Almost 800,000 registered users of Brazzers porn site’s forum were exposed in an alleged data breach. The credentials of the users were leaked online, not only revealing the identities of some of them, but also their private conversations.
Vice’s Motherboard was the first to report the data dump. The site says the compromised info contains 790,724 email addresses, usernames, and passwords, all published in plain text. The media outlet said it worked with security researcher Troy Hunt to verify the information.
Mr. Hunt told Motherboard the breach has the potential to be more embarrassing than just knowing someone is a member of a porn site. As the dump includes conversations, the stolen data also may include the sexual preferences of the customers.
Troy Hunt is the creator of the site “Have I Been Pwned?”. Concerned Brazzersforum’s users can check Hunt’s website to see if their credentials are part of the breach. If not, they should consider changing their logins and use a different email on the main site.
Many people use the same login on the forum and the main porn site
Some users shared the same credentials on both the forum and the site, merely for convenience. The result is a small portion of accounts exposed. Brazzers assured they are taking “corrective measures” to protect its subscribers. The company also stated they banned all non-active accounts included in the data dump.
Matt Stevens, the public relations manager for the company, told Motherboard the breach is similar to a previous one occurred on the forum in 2012 because of the third-party software vBulletin, and not because of the XXX site itself.
It’s worth mentioningvBulletin is a software that manages online forums. They released the latest version of their platform, v5.2.3, in August on Facebook. As Hunt pointed out, the administrators of Brazzersforum did not apply the recent patches and left the site vulnerable.
Brazzersforum displays an ‘under maintenance’ message and is not available
The forum uses a different URL than the main site. In there, users tend to discuss different Brazzers’ movies, clips, scenes, and star; or request scenarios, positions, and stars they would like to see in future productions.
If someone uses the stolen logins, he could potentially see private conversations about sexual preferences. Because some of the accounts are related to a forum, Mr. Hunt told Motherboard the dump is even more sensitive than just knowing someone is a member of a porn site.
“WHEN IT’S SOLELY MEMBERSHIP OF AN ADULT WEBSITE, YOU KNOW THE PERSON HAS AN INTEREST IN ADULT MATERIAL, WHICH, WHILE POTENTIALLY EMBARRASSING, TELLS YOU VERY LITTLE ABOUT THEM. ONCE THEY’RE COMMENTING WITHIN A FORUM THOUGH, NOW YOU HAVE VERY PERSONAL INFORMATION ABOUT THEIR INTIMATE THOUGHTS,” he told Vice’s outlet.
User’s private information should be a top priority for a pornography site, and that rings even truer on the forums. It’s already difficult enough to explain a porn site’s account, and it would be harder to talk about the private thoughts on such a place.