[TheRecord] Adult cam site StripChat exposes the data of millions of users and cam models

StripChat, one of the internet’s top 5 adult cam sites, has suffered a security breach and has leaked the personal data of millions of users and adult models.

The leak, discovered by security researcher Bob Diachenko, took place earlier this month after StripChat exposed its ElasticSearch database cluster on the internet without a password for more than three days between November 4 and November 7.

Diachenko, who documented his findings in a blog post published today, said the exposed servers leaked a treasure trove of highly-sensitive information, such as:

Data of 65 million users registered on the site (username, email, IP address, ISP details, tip balance, account creation date, last login date, account status)Data of 421,000 models broadcasting on the site (username, gender, studio ID, live status, tip menus/prices, strip score)Data of 134 million transactions (information about tokens and tips paid by users to models, including private tips)Data about 719,000 chat messages saved in a moderation database (the user and model ID involved in the conversations)

Image: Bob Diachenko

Possible GDPR violation from StripChat’s part

Diachenko said he notified StripChat about the leaky cluster as soon as he spotted the servers and determined that the data belonged to the company.

The researcher said the cam site secured its server a few days later, but without providing a reply or explanation for what happened.

Despite suffering a major security breach that has impacted the personal information of more than 65 million users, at the time of writing, StripChat has yet to publicly disclose or acknowledge the incident, an action that may incur a severe GDPR fine for the Cyprus-based company.

StripChat has not returned requests for comment sent by The Record via email and their Twitter account earlier today.

It is unclear if someone else besides Diachenko has discovered and accessed StripChat’s database, but if they did, this data would put all those involved at serious risks.

“The exposure could be a digital and physical threat for both Stripchat viewers and models. IP addresses, which can be used to approximate someone’s location, are particularly worrying. They could enable someone to find and stalk, harass, or even assault someone in the database,” Diachenko said today.

“Aside from physical violence, the identifying information could be used to extort, bully, or humiliate victims who thought their online activities were private,” the researcher added.

Third major cam site to suffer a breach

The StripChat incident marks the third major security breach at an adult cam site operator after Cam4 exposed 7 TB of internal data in May 2020, and PushyCash exposed the details of 4,000 cam models in January 2021.

In August 2019, Diachenko also found a similarly highly-sensitive data leak at a Spanish brothel chain running “men’s clubs” in Barcelona and Valencia, where prostitution is legal, but not in an organized manner such as brothel houses, which are still considered illegal.

The post Adult cam site StripChat exposes the data of millions of users and cam models appeared first on The Record by Recorded Future.

Source: Read More (The Record by Recorded Future)

You might be interested in …

[HackerNews] Microsoft Fended Off a Record 2.4 Tbps DDoS Attack Targeting Azure Customers

All posts, HackerNews

Microsoft on Monday revealed that its Azure cloud platform mitigated a 2.4 Tbps distributed denial-of-service (DDoS) attack in the last week of August targeting an unnamed customer in Europe, surpassing a 2.3 Tbps attack stopped by Amazon Web Services in February 2020. “This is 140 percent higher than 2020’s 1 Tbps attack and higher than any network volumetric event […]

Read More

[SecurityWeek] Arizona Launches Command Center to Combat Cyberattacks

All posts, Security Week

Arizona Gov. Doug Ducey has launched a Cyber Command Center that will deal with threats to government computers. At a ceremony Monday at the Department of Public Safety’s Arizona Counter Terrorism Information Center in Phoenix, Ducey said the command center will be critical in ensuring the state’s cyber infrastructure remains safe and secure. read more […]

Read More

[BleepingComputer] Watch out: These unsubscribe emails only lead to further spam

Scammers use fake ‘unsubscribe’ spam emails to confirm valid email accounts to be used in future phishing and spam campaigns. […] Source: Read More (BleepingComputer)

Read More