I got contacted by Alltid Nyheter, from Swedish public broadcasting radio, regarding a thread on Flashback.org, Sweden’s largest web forum. User info of well over a million registered users was openly accessible on the chat site of YouPorn until the server was taken down yesterday.
The exposed information contains e-mail addresses and passwords. This information can be used to identify porn consumers, but for some users more than a reputation is at stake.
It is common knowledge that even today a surprisingly large portion of Internet users use the same passwords for many (or all) of the services they use on the Internet, whether it is e-mail accounts, Facebook, PayPal, or other services.
For a security professional it is baffling how coders working on a website with such sensitive content can make mistakes of this magnitude. Allegedly, hundreds of megabytes of data have been secured by people with unknown goals. Cyber criminals can easily go through these e-mail addresses, match them with passwords, and in this way gain access to e-mail accounts. Once they are in, they can secure even more sensitive information to use in phishing attacks, theft, or fraud.
It is difficult not to compare this case with the hacking of porn site Brazzers earlier this year, even though in this case the site wasn’t hacked.
Looking at the data, it seems like a careless programmer accidentally(?!) left debug logging enabled, writing to a publicly accessible URL, as early as November 2007, and it has been storing all registrations ever since.
Yesterday it was found, probably by “accident”, by someone sweeping websites for publicly accessible but non-linked (“hidden”) folders, looking for either porn or sensitive material like this, who struck gold.
Hackers have already started going through the lists, checking which users have the same password for e-mail or Facebook, and have posted some intimate pictures found in some users' sent/received e-mail.
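The failure described above has two parts: credentials written to a debug log, and that log sitting under a web-served path. The following is an added example, not code from the site or from this blog, showing a logging filter that scrubs credential fields plus a guard that refuses a log location inside the web root; the field names and the paths used with it are assumptions.

```python
import logging
import re
from pathlib import Path

# Field names treated as secret are an assumption for this example.
SECRET_KEYS = ("password", "passwd", "pwd", "email", "e-mail")
_PAIR = re.compile(
    "(" + "|".join(re.escape(k) for k in SECRET_KEYS) + ")"
    r"""(["']?\s*[=:]\s*)("[^"]*"|'[^']*'|[^\s&,;]+)""",
    re.IGNORECASE,
)

def redact(text: str) -> str:
    """Replace the value of every key=value or key: value pair whose key is secret."""
    return _PAIR.sub(lambda m: m.group(1) + m.group(2) + "[REDACTED]", text)

class RedactingFilter(logging.Filter):
    """Scrub credentials from a record before the handler writes it."""
    def filter(self, record: logging.LogRecord) -> bool:
        # Format first so secrets passed as %-style args are covered too.
        record.msg = redact(record.getMessage())
        record.args = None
        return True

def log_path_is_private(log_file: str, web_root: str) -> bool:
    """True only if the log file resolves to a location outside the web root."""
    log_p, root_p = Path(log_file).resolve(), Path(web_root).resolve()
    return log_p != root_p and root_p not in log_p.parents

def make_handler(log_file: str, web_root: str) -> logging.Handler:
    """File handler that refuses web-served paths and redacts what it writes."""
    if not log_path_is_private(log_file, web_root):
        raise ValueError(f"refusing to log inside the web root: {log_file}")
    handler = logging.FileHandler(log_file, delay=True)  # file opened on first write
    handler.addFilter(RedactingFilter())
    return handler
```

The filter is attached to the handler rather than the logger so that records propagated from child loggers are scrubbed as well.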
For more information, contact: blog@eurosecure.com



