Pierluigi Paganini November 06, 2019

Hackers compromised a network of ‘camgirl’ sites and exposed data belonging to millions of users and sex workers.

Hackers compromised several ‘camgirl‘ sites and have exposed millions of sex workers and users. All the sites were run by the Spanish company VTS Media that left the back-end database unprotected online. The unprotected database was discovered by researchers at Condition:Black cybersecurity firm.

The list of sites includes amateur.tv, webcampornoxxx.net, and placercams.com.

Exposed data included logs of the site activities, usernames, users’ private chat messages, and sometimes user-agents and IP addresses of the users that visited the ‘camgirl‘ sites. The logs also included failed login attempts, storing usernames and passwords in plaintext, often email addresses, and of course, videos watched and rented by the users.

The exposed data, in some cases, could match to real-world identities. The database left online without protection, also exposed data of the “camgirls.”

Last week, after the discovery of the database, the archive was secured.

“This was a serious failure from a technical and compliance perspective,” John Wethington, founder of Condition:Black told TechCrunch. “After reviewing the sites’ data privacy policy and terms and conditions, it’s clear that users likely had no idea that their activities being monitored to this level of detail.”

“Users should always take into consideration the implications of their data leaking but especially where the implications could be life altering,”

According to a press release published by VTS Media 100% of the data stored in it the database was encrypted and unreachable, the archive did not include any financial data.

“The data that has been exposed consists of technical logs, which are not processed. This data is automatically erased after 6 months and is exclusively used for technical reviews, quality controls and to solve our users’ requests.” reads the press release.

“It has been said that the security breach has exposed data from millions of users, but we would like to state that we’re talking about 330,000 users. “

Such kind of incident represents a serious threat to the privacy of users, data leak could lead to blackmail and even some suicides as reported after the massive data breach suffered by Ashley Madison dating site in 2015.

“Given both the company and its servers are located in Europe, the exposure of sexual preferences would fall under the “special categories” of GDPR rules, which require more protections. Companies can be fined up to 4% of their annual turnover for GDPR violations.” reported Techcrunch.com.

Pierluigi Paganini

(SecurityAffairs – camgirl sites, malware)

[adrotate banner=”5″]

[adrotate banner=”13″]