Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

YouPorn Users Warned to Change Passwords After Data Leak

It hasn’t been the greatest couple of weeks for the Internet porn industry.

It hasn’t been the greatest couple of weeks for the Internet porn industry.

Last week, a hacker claimed to have stolen personal information belonging to 350,000 users from the hardcore porn company Brazzers. On Wednesday, The H reported the user database of videosz.com porn portal was publicly available on the Internet, exposing hundreds of thousands of data records of customers and affiliate partners, including credit card details and password information.

Now it seems thousands of YouPorn users may have had their password information compromised due to a programmer of the YP Chat service leaving log information publicly available on the Internet. Though YP Chat is not owned or run by YouPorn, the situation touched off concerns because many users may use the same password for both the site and the service.

According to reports, the log files have been on a publicly accessible URL since November 2007. Though the issue has been fixed, copies of the log files have been posted online.

According to Anders Nilsson, CTO of Eurosecure, a “careless programmer” for YP Chat was to blame.

“For a security professional it is baffling how coders working on a website with such sensitive content can make mistakes of this magnitude,” he wrote. “Allegedly hundreds of megabytes of data has been secured by people with unknown goals. Cyber criminals can easily go through these e-mail addresses and match them with passwords and this way gain access to e-mail accounts.”

In a statement, YouPorn Vice President of Operations Brad Black explained that though some reports have claimed millions of accounts were compromised, the logs included information from users who accessed their YP Chat accounts on a recurring basis, creating multiple records for the same users. The actual number of unique users impacted is in the “several thousand.”

“As soon as we, at YouPorn.com, became aware of the issue we took immediate steps to block access to YP Chat entirely and a thorough investigation was launched to evaluate the scope of the issue,” he blogged. “If you have an YP Chat user account and use the same login information for any other website or service it is recommended that you update your information on other sites immediately,” he added.

“You can imagine how employers and marital partners may be less than impressed to find you are registered for a website like YouPorn,” blogged Graham Cluley, senior technology consultant at Sophos. “And their discovery of your porn penchant is only a search and a click away.”

“But more than the embarrassment factor, there’s also a security issue here,” he continued. “We know that many internet users adopt the same password for multiple sites. So, if your YouPorn password is now known, hackers might try that same password against your email address, your PayPal account, your Amazon account, and all many of other online resources.”

Written By

Click to comment

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...