It hasn’t been the greatest couple of weeks for the Internet porn industry.
Last week, a hacker claimed to have stolen personal information belonging to 350,000 users from the hardcore porn company Brazzers. On Wednesday, The H reported the user database of videosz.com porn portal was publicly available on the Internet, exposing hundreds of thousands of data records of customers and affiliate partners, including credit card details and password information.
Now it seems thousands of YouPorn users may have had their password information compromised due to a programmer of the YP Chat service leaving log information publicly available on the Internet. Though YP Chat is not owned or run by YouPorn, the situation touched off concerns because many users may use the same password for both the site and the service.
According to reports, the log files have been on a publicly accessible URL since November 2007. Though the issue has been fixed, copies of the log files have been posted online.
According to Anders Nilsson, CTO of Eurosecure, a “careless programmer” for YP Chat was to blame.
“For a security professional it is baffling how coders working on a website with such sensitive content can make mistakes of this magnitude,” he wrote. “Allegedly hundreds of megabytes of data has been secured by people with unknown goals. Cyber criminals can easily go through these e-mail addresses and match them with passwords and this way gain access to e-mail accounts.”
In a statement, YouPorn Vice President of Operations Brad Black explained that though some reports have claimed millions of accounts were compromised, the logs included information from users who accessed their YP Chat accounts on a recurring basis, creating multiple records for the same users. The actual number of unique users impacted is in the “several thousand.”
“As soon as we, at YouPorn.com, became aware of the issue we took immediate steps to block access to YP Chat entirely and a thorough investigation was launched to evaluate the scope of the issue,” he blogged. “If you have an YP Chat user account and use the same login information for any other website or service it is recommended that you update your information on other sites immediately,” he added.
“You can imagine how employers and marital partners may be less than impressed to find you are registered for a website like YouPorn,” blogged Graham Cluley, senior technology consultant at Sophos. “And their discovery of your porn penchant is only a search and a click away.”
“But more than the embarrassment factor, there’s also a security issue here,” he continued. “We know that many internet users adopt the same password for multiple sites. So, if your YouPorn password is now known, hackers might try that same password against your email address, your PayPal account, your Amazon account, and all many of other online resources.”