A popular porn site just exposed personal data of millions

Popular porn site Luscious, which allows uploading pornographic images and animations under anonymized identities, recently suffered from a critical security vulnerability, The Next Web reported.

The issue was spotted by researchers at vpnMentor, who were then able to exploit it and mine personal information of more than a million people using the service for consuming or uploading adult content.

While detailing the leak, vpnMentor claimed that the exploit allowed them to access emails of Luscious users, their genders as well as the names of the country they lived in.

They further added that the activities of these users on the site, including stuff like their comments, likes, uploads, and blog posts, were also accessed easily in an "unsecured and unencrypted" format.

The kind of information exposed by Luscious posed a major security threat to its users, vpnMentor argued.

They say that the email and countries of the users could've been used to target them with phishing, doxing, extortion while on-site activity could've given away more critical details like the type of content they liked/uploaded.

Notably, some email addresses even had full names of the users.

While the issue was critical, the researchers claim that it has now been resolved.

The team at Luscious was informed about the bug just a day after it was discovered, post which they worked and released a patch.

Having said that, it's worth noting that they have not commented on the matter and it remains unclear if anybody else got access to this information.