New data dumps are reported with a worrying regularity these days, and the latest one could prove to be not only a security risk for those affected, but also a potential source of embarrassment. Nearly 800,000 account details have appeared on the dark web originating from the forum of adult website Brazzers. It's reported that Brazzers users who never signed up to the forum may also find their details were exposed in the leak.
Breach monitoring site Vigilante.pw handed the dataset to Motherboard for verification purposes. It was found to contain 928,072 entries, with 790,724 unique email addresses, along with usernames and plaintext passwords. Many entries were duplicates or inactive accounts.
Security researcher and creator of the Have I been Pwned? website, Troy Hunt, helped verify the dataset by contacting some of his affected site subscribers who confirmed several of their details.
Matt Stevens, a public relations manager at Brazzers, told Motherboard: “This matches an incident which occurred in 2012 with our 'Brazzersforum,' which was managed by a third party. The incident occurred because of a vulnerability in the said third party software, the 'vBulletin' software, and not Brazzers itself.”
“That being said, users’ accounts were shared between Brazzers and the 'Brazzersforum' which was created for user convenience. That resulted in a small portion of our user accounts being exposed and we took corrective measures in the days following this incident to protect our users,” he added.
Unpatched and older versions of the forum-publishing software vBulletin have been responsible for a number of previous breaches, the most recent being the attack on the DOTA 2 official developer forum.
Right now the Brazzers forum, where users can discuss porn scenes, different adult actors and actresses, and request scenarios they’d like to see in upcoming movies, is down for “maintenance” with no indication of when it may return.
Problem with a hack like that is it's a *forum*. Worse than just adult website creds, this is what people were talking / fantasising about.
— Troy Hunt (@troyhunt) September 5, 2016
The extra concern with this breach is that hackers could have access to users’ private messages, and given the nature of the site, they could be quite revealing and lead to the kind of blackmail attempts that followed the Ashley Maddison leak.
If you’re a forum member who's worried that your details may be on the list, check out Have I Been Pwned. Those affected should change their password on BrazzersFourm and on any other sites that reuse the same login credentials.
https://www.techspot.com/news/66223-almost-800000-users-adult-website-brazzers-have-their.html
