Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

YouPorn Users Warned to Change Passwords After Data Leak

It hasn’t been the greatest couple of weeks for the Internet porn industry.

It hasn’t been the greatest couple of weeks for the Internet porn industry.

Last week, a hacker claimed to have stolen personal information belonging to 350,000 users from the hardcore porn company Brazzers. On Wednesday, The H reported the user database of videosz.com porn portal was publicly available on the Internet, exposing hundreds of thousands of data records of customers and affiliate partners, including credit card details and password information.

Now it seems thousands of YouPorn users may have had their password information compromised due to a programmer of the YP Chat service leaving log information publicly available on the Internet. Though YP Chat is not owned or run by YouPorn, the situation touched off concerns because many users may use the same password for both the site and the service.

According to reports, the log files have been on a publicly accessible URL since November 2007. Though the issue has been fixed, copies of the log files have been posted online.

According to Anders Nilsson, CTO of Eurosecure, a “careless programmer” for YP Chat was to blame.

“For a security professional it is baffling how coders working on a website with such sensitive content can make mistakes of this magnitude,” he wrote. “Allegedly hundreds of megabytes of data has been secured by people with unknown goals. Cyber criminals can easily go through these e-mail addresses and match them with passwords and this way gain access to e-mail accounts.”

In a statement, YouPorn Vice President of Operations Brad Black explained that though some reports have claimed millions of accounts were compromised, the logs included information from users who accessed their YP Chat accounts on a recurring basis, creating multiple records for the same users. The actual number of unique users impacted is in the “several thousand.”

“As soon as we, at YouPorn.com, became aware of the issue we took immediate steps to block access to YP Chat entirely and a thorough investigation was launched to evaluate the scope of the issue,” he blogged. “If you have an YP Chat user account and use the same login information for any other website or service it is recommended that you update your information on other sites immediately,” he added.

Advertisement. Scroll to continue reading.

“You can imagine how employers and marital partners may be less than impressed to find you are registered for a website like YouPorn,” blogged Graham Cluley, senior technology consultant at Sophos. “And their discovery of your porn penchant is only a search and a click away.”

“But more than the embarrassment factor, there’s also a security issue here,” he continued. “We know that many internet users adopt the same password for multiple sites. So, if your YouPorn password is now known, hackers might try that same password against your email address, your PayPal account, your Amazon account, and all many of other online resources.”

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.