Hackers are reportedly selling 380,000 hacked xHamster account details

[midian182]

If you can’t trust a porn site to keep your personal details safe, then who can you trust? Yes, it seems that yet another adult entertainment company has leaked its members’ information all over the web. Two months ago it was Brazzers; now it's claimed that xHamster has been caught with its virtual pants down.

According to a report by Motherboard, breach notification site LeakBase has revealed that 380,000 users were affected by the hack, which has resulted in credentials, including usernames, email addresses, and “poorly hashed” passwords, being traded on the digital underground.

xHamster doesn’t require viewers to create accounts, but those who do can post comments, create personal collections, and upload their own videos. While that 380,000 figure does sound like a lot, the site claims to have 12 million members.

The report adds that 40 of the email addresses in the database belong to the US Army, and 30 are related to various US, UK, and other countries’ government bodies.

It’s not clear exactly when the breach took place, but the information was being traded at around the same time an anonymous hacker found a vulnerability in xHamster earlier this year. Exactly how the hacker or hackers got all the details is unclear.

“The passwords of all xHamster users are properly encrypted, so it is almost impossible to hack them. Thus, all the passwords are safe and the users data secured,” a spokesperson for the company said. However, Motherboard says the site uses the outdated MD5 hashing algorithm, which hackers can easily crack.

Responding to the Motherboard report, xHamster claims no hack took place. "The only way to respond to this news is to coin a new term: 'Fhack.' A fhack is best defined as a fake hack. There was a failed attempt to hack our database which occurred 4 years ago. The integrity of our user data is secure. Passwords are encrypted and impossible to hack. In short, this was a successful fhack; and a failed hack."

When asked how xHamster's user emails found their way into the hands of data traders, the site said: "We cannot validate that the emails are real and we don't believe that this is a genuine database." Strangely, Motherboard said it has independently verified the leaked email addresses and usernames.

Permalink to story.

https://www.techspot.com/news/67229-hackers-reportedly-selling-380000-hacked-xhamster-account-details.html

 

[Bigtruckseries]

YES, I use xhamster. But I was very careful not to put any "real" information on it that could be linked to myself. Videos starring my girlfriend, my X and myself have no "faces" or "heads" or geotags. So I'm completely untouchable.

People should already know that these sites are hackable after what happened o'er at Ashley Madison.

Even if they did manage to figure out which videos we're in, it will only make my status increase since I did a damn good job in those clips.

 

[Uncle Al]

Yeah .... I always use my neighbors credentials on those web sites .... he's 90 and blind so he's not loosing anything .... that he knows of! LOL

 

[Skidmarksdeluxe]

I remember that site but I woulda though it would've ceased to exist long ago. If memory serves me correctly, all their videos made old Charlie Chaplin movies look like they were recorded in 4K. 144p was the best quality one could get.

 

[Camikazi]

YES, I use xhamster. But I was very careful not to put any "real" information on it that could be linked to myself. Videos starring my girlfriend, my X and myself have no "faces" or "heads" or geotags. So I'm completely untouchable.

People should already know that these sites are hackable after what happened o'er at Ashley Madison.

Even if they did manage to figure out which videos we're in, it will only make my status increase since I did a damn good job in those clips.

Yeah, keep thinking the server doesn't keep track of you, bad info or not. Someone knows and anyone who watches might notice something they recognize and find you, you are never untouchable on the internet.