Nearly 800,000 users’ information has been exposed in a vBulletin vulnerability of the porn site Brazzers. The user data appears to have been taken from the Brazzers forum. However, many users used the same login details for the forum as they did for the main site, leaving hundreds of thousands of people exposed.
The data leak is said to have included email addresses, user-names, and unencrypted passwords, which most websites typically encrypt or hash in case of leak scenarios. This means that users on the porn site who have used the same email address and password on other sites may be vulnerable to attacks elsewhere.
“Problem with a hack like that is it’s a forum. Worse than just adult website (credentials), this is what people were talking / fantasizing about.”
Troy Hunt on Twitter said highlighting the fact that users’ specific sexual fetishes and fantasies could now be leaked into the open.
The leak, which actually happened in 2013 but has only just been discovered, was reportedly due to the forum’s vBulletin software. Brazzers has confirmed that vBulletin was the cause of the vulnerability and is currently taking “corrective measures” to protect its users and their information from cyber criminals.