A popular porn site just exposed personal data of millions
What's the story
Just as governments around the world continue to raise questions over the security of their citizens' personal data, cases of breaches and leaks continue to increase. A few days back, fingerprints of more than a million people were compromised, and now, in a similar case, a popular site serving pornographic content has exposed the personal data of its users. Here's all about the incident.
Issue
Luscious leaked personal information of users
Popular porn site Luscious, which allows uploading pornographic images and animations under anonymized identities, recently suffered from a critical security vulnerability, The Next Web reported. The issue was spotted by researchers at vpnMentor, who were then able to exploit it and mine personal information of more than a million people using the service for consuming or uploading adult content.
Information
What kind of information was exposed
While detailing the leak, vpnMentor claimed that the exploit allowed them to access emails of Luscious users, their genders as well as the names of the country they lived in. They further added that the activities of these users on the site, including stuff like their comments, likes, uploads, and blog posts, were also accessed easily in an "unsecured and unencrypted" format.
Risk
This posed a major security threat to Luscious users
The kind of information exposed by Luscious posed a major security threat to its users, vpnMentor argued. They say that the email and countries of the users could've been used to target them with phishing, doxing, extortion while on-site activity could've given away more critical details like the type of content they liked/uploaded. Notably, some email addresses even had full names of the users.
Fix
However, the issue has now been resolved
While the issue was critical, the researchers claim that it has now been resolved. The team at Luscious was informed about the bug just a day after it was discovered, post which they worked and released a patch. Having said that, it's worth noting that they have not commented on the matter and it remains unclear if anybody else got access to this information.