Adult site Luscious data breach affects more than a million users

Users of the adult site saw thier personal information tied to their real identity leaked and exposed

data leak warning

Adult content-sharing website Luscious has suffered a data breach, exposing the private information of 1.195 million of the site's users.

The leaked information included usernames, personal email accounts, locations, gender, activity logs and in some cases full names.

Researchers from vpnMentor discovered the breach last week and that it was patched on Monday. It estimated around 20% of the accounts used fake email addresses but highlighted that 800,000 genuine accounts and actively used emails were breached.

The researchers also said that "many users" joined Luscious using their government email addresses, evidence of this came from users in Brazil, Italy, Australia and Malaysia.

"This adds a great deal of additional vulnerability not just to the users, but also their employers," said vpnMentor. "With access to employee email addresses, criminal hackers can target government agencies and departments in a number of ways."

Users affected mainly resided in France, Germany, Russia, Brazil, Italy, Canada and Poland and their leaked user activity revealed uploaded videos, user IDs, followers, accounts followed and blog posts.

The blog post exposures were particularly concerning to researchers due to how emotionally charged they were. Depressive and otherwise vulnerable content was viewed by researchers in the breach which de-anonymised many users, tying the content to their real identities.

Those who uploaded images to the site were also indexed including details of who created them.

"A data breach on this scale is always a serious issue and some might say that the sensitivity of this site makes it all the more worrying - with an increased potential for hackers to exploit individual site users whose identities have been exposed," said Ed Macnair, CEO at Censornet. "The nature of the data taken is also concerning - it has been reported that some of the users had government email accounts.

"This is hugely concerning as it risks exposing an entire organisation to an attack. It is therefore vital that organisations - government or otherwise - put strict measures on internet activity at work and discourage the use of work email addresses for personal services," he added.

vpnMentor notes that the effect of the data breach could be "ruinous" for the affected users' personal lives and relationships.

Access to the breached information gives hackers the opportunity to exploit users in things like sextortion scams or to just expose them online for being members of, and possibly posters to, the site.

In addition to sextortion scams, which the researchers said "given the sensitive nature of this data breach, victims are incredibly vulnerable and likely to pay", leaking email adresses and names also gives phishers the ammunition they need to construct sophisticated campaigns.

"By revealing personal details like email addresses and location, the Luscious data breach helps criminals target users for future exploitation, fraud, or theft," said vpnMentor. "They can use this information to create effective fraudulent emails and send them directly to a user's email inbox - that way, they also stand out from spam and junk mail."

Users have been advised to change their login details immediately, including usernames and email addresses. They've also been advised to make usernames completely unrelated to the associated email address to reduce the risk of being identified.

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Recommended

X-rated phishing attacks just keep growing
phishing

X-rated phishing attacks just keep growing

4 Jun 2021
eBay, Apple, Microsoft, Facebook, and Google were phishers’ top targets in 2020
phishing

eBay, Apple, Microsoft, Facebook, and Google were phishers’ top targets in 2020

20 Apr 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
Windows 11 has problems with Oracle VirtualBox
Microsoft Windows

Windows 11 has problems with Oracle VirtualBox

5 Oct 2021
What is cyber warfare?
Security

What is cyber warfare?

15 Oct 2021