Another week starts with a data breach: roughly 800,000 accounts of the porn site Brazzers have been compromised. The breach affected a separate forum; however, Brazzers users who never signed up to the forum may also have been impacted.
The news was reported by Motherboard, which received the dump from the data breach monitoring website Vigilante.pw. The leaked archive includes 928,072 records and 790,724 distinct email addresses, with usernames and passwords in plaintext.
Motherboard journalists were supported by the popular security expert Troy Hunt in verifying the authenticity of the leaked details; he confirmed that a number of the details from the data dump belong to Brazzers users.
“This matches an incident which occurred in 2012 with our ‘Brazzersforum,’ which was managed by a third party. The incident occurred because of a vulnerability in the said third party software, the ‘vBulletin’ software, and not Brazzers itself,” explained Matt Stevens, a company spokesman.
The company played down the extent of the data breach, explaining that only a small portion of users were impacted.
“That being said, users’ accounts were shared between Brazzers and the ‘Brazzersforum’ which was created for user convenience. That resulted in a small portion of our user accounts being exposed and we took corrective measures in the days following this incident to protect our users,” Stevens added.
One strange detail emerged in the story: Motherboard contacted two Brazzers users to verify the authenticity of their data, and both confirmed that the records were genuine but said that they had not accessed the Brazzersforum.
The forum allows Brazzers users to discuss porn content or to suggest new scenarios for future productions.
The Brazzers forum runs vBulletin, one of the most popular platforms for web forums. Old vBulletin versions are affected by several vulnerabilities that are easy to exploit; it is likely that hackers exploited one of them to steal the records.
At the time of writing, Brazzersforum is under maintenance.
In response to the data breach, Brazzers banned all the inactive accounts present in the dump.
“Note that the data provided contains many duplicates and non-functional accounts. We banned all non-active accounts in that list in case those usernames and passwords are re-used in the future,” Matt Stevens, public relations manager from Brazzers, told Motherboard.
“Brazzers takes the privacy and safety of its users very seriously,”
(Security Affairs – Brazzersforum, data breach)