Pierluigi Paganini October 11, 2019

Popular prostitution and escort forums in Italy and the Netherlands have been hacked and data have been offered for sale in the cybercrime underground.

A Bulgarian hacker known as InstaKilla has breached two online escort forums and stole the user information that he is now offering for sale on a hacking forum.

The two escort forums are EscortForumIt.xxx and Hookers.nl, it is used by sex workers and their customers in Italy and the Netherlands, both websites have confirmed the breaches.

Experts reports that also a forum for the Zooville zoophilia and bestiality fans was hacked and data offered for sale.

The Dutch news site NOS revealed that a hacker is selling the Dutch hookers.nl forum database for $300 on online forums. The exposed data includes user names, hashed passwords, and IP addresses for roughly 250,000 members.

“The account details of the 250,000 users of the Dutch website Hookers.nl have been leaked. This includes e-mail addresses. The website is popular among visitors to prostitutes and escorts, who exchange experiences and tips.” reported the NOS website.

“A hacker has captured the data from the members and offers it for sale, according to a study by the NOS after reporting an anonymous source.”

The hacker is also selling 33,000 records stolen from the Italian forum.

Both escort forums were running outdated versions of the popular vBulletin forum software. At the end of September, an anonymous hacker disclosed technical details and proof-of-concept exploit code for a critical zero-day remote code execution flaw in vBulletin (CVE-2019-16759). A few days later, the security expert Troy Mursch observed a botnet that it utilizing the recently disclosed vBulletin exploit to secure vulnerable servers to avoid that can be compromised by other threat actors. Likely, the Bulgarian hacker has exploited the same flaw to compromise the escort forums that were not updated by their admins.

“According to a sample of the data obtained by ZDNet, in the case of the Dutch forum, the hacker also appears to have gained access to the site’s internal paid subscription system, although there was no financial information included in the sample we received.” reported ZDNet.

InstaKilla is the same hacker who stole data from millions of Bulgarians in July and sent it to local media, the hacker is now offering for sale data from tens of other vBulletin-based forums.

Users of the escort forums are potentially exposed to extortion phishing campaigns similar to what has happened after the Ashley Madison hack.

Pierluigi Paganini

(SecurityAffairs – escort forums, vBulletin)

[adrotate banner=”5″]

[adrotate banner=”13″]