Users of Adult Website Exposed By Data Breach
A website that shares adult content has caused blushes of a different kind by leaking the private data of 1.195 million global users.
An authentication failure on the website Luscious.net allowed unrestricted access to a database containing user names, locations, genders, personal email addresses and even some full names. Also available were activity logs detailing what users had liked, uploaded, commented on and shared.
Users of the website, which specializes in computer-generated pornographic animations and graphics, were left vulnerable to bullying, harassment, phishing and the threat of blackmail. It is estimated that around 20% of the user accounts were set up with fake email addresses, meaning roughly 800,000 genuine email accounts were placed at risk.
The data leak was uncovered on August 15 by a vpnMentor research team led by cybersecurity professionals Noam Rotem and Ran Locar. The team was able to access detailed information regarding user activity on the site, including image uploads and blog posts.
A spokesperson for vpnMentor said: "Some of these blog posts were extremely personal – including depressive or otherwise vulnerable content – and kept anonymous. Due to this data breach, however, the blog posts are no longer anonymous, with many of the authors' identities revealed."
After being informed of the breach, it took the operators of Luscious.net just four days to fix the security hole. It's unknown how long the private user data may have laid exposed before the leak was caught.
A number of users in Brazil, Australia, Italy, Malaysia and Australia had signed up to Luscious using official govern ..