IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Adult site Luscious data breach affects more than a million users

Users of the adult site saw thier personal information tied to their real identity leaked and exposed

data leak warning

Adult content-sharing website Luscious has suffered a data breach, exposing the private information of 1.195 million of the site's users.

The leaked information included usernames, personal email accounts, locations, gender, activity logs and in some cases full names.

Researchers from vpnMentor discovered the breach last week and that it was patched on Monday. It estimated around 20% of the accounts used fake email addresses but highlighted that 800,000 genuine accounts and actively used emails were breached.

The researchers also said that "many users" joined Luscious using their government email addresses, evidence of this came from users in Brazil, Italy, Australia and Malaysia.

"This adds a great deal of additional vulnerability not just to the users, but also their employers," said vpnMentor. "With access to employee email addresses, criminal hackers can target government agencies and departments in a number of ways."

Users affected mainly resided in France, Germany, Russia, Brazil, Italy, Canada and Poland and their leaked user activity revealed uploaded videos, user IDs, followers, accounts followed and blog posts.

The blog post exposures were particularly concerning to researchers due to how emotionally charged they were. Depressive and otherwise vulnerable content was viewed by researchers in the breach which de-anonymised many users, tying the content to their real identities.

Those who uploaded images to the site were also indexed including details of who created them.

"A data breach on this scale is always a serious issue and some might say that the sensitivity of this site makes it all the more worrying - with an increased potential for hackers to exploit individual site users whose identities have been exposed," said Ed Macnair, CEO at Censornet. "The nature of the data taken is also concerning - it has been reported that some of the users had government email accounts.

"This is hugely concerning as it risks exposing an entire organisation to an attack. It is therefore vital that organisations - government or otherwise - put strict measures on internet activity at work and discourage the use of work email addresses for personal services," he added.

vpnMentor notes that the effect of the data breach could be "ruinous" for the affected users' personal lives and relationships.

Access to the breached information gives hackers the opportunity to exploit users in things like sextortion scams or to just expose them online for being members of, and possibly posters to, the site.

In addition to sextortion scams, which the researchers said "given the sensitive nature of this data breach, victims are incredibly vulnerable and likely to pay", leaking email adresses and names also gives phishers the ammunition they need to construct sophisticated campaigns.

"By revealing personal details like email addresses and location, the Luscious data breach helps criminals target users for future exploitation, fraud, or theft," said vpnMentor. "They can use this information to create effective fraudulent emails and send them directly to a user's email inbox - that way, they also stand out from spam and junk mail."

Users have been advised to change their login details immediately, including usernames and email addresses. They've also been advised to make usernames completely unrelated to the associated email address to reduce the risk of being identified.

Featured Resources

Activation playbook: Deliver data that powers impactful, game-changing campaigns

Bringing together data and technology to drive better business outcomes

Free Download

In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth

Free Download

Achieving resiliency with Everything-as-a-Service (XAAS)

Transforming the enterprise IT landscape

Free Download

What is contextual analytics?

Creating more customer value in HR software applications

Free Download

Recommended

Education and government most at risk from email threats
phishing

Education and government most at risk from email threats

26 Nov 2021
Attackers use CSS to fool anti-phishing systems
phishing

Attackers use CSS to fool anti-phishing systems

11 Nov 2021
X-rated phishing attacks just keep growing
phishing

X-rated phishing attacks just keep growing

4 Jun 2021

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
Europe's first autonomous petrol station opens in Lisbon
automation

Europe's first autonomous petrol station opens in Lisbon

23 May 2022
Linux-based Cheerscrypt ransomware found targeting VMware ESXi servers
ransomware

Linux-based Cheerscrypt ransomware found targeting VMware ESXi servers

26 May 2022