Adult site Luscious data breach affects more than a million users

Users of the adult site saw thier personal information tied to their real identity leaked and exposed

data leak warning

Adult content-sharing website Luscious has suffered a data breach, exposing the private information of 1.195 million of the site's users.

The leaked information included usernames, personal email accounts, locations, gender, activity logs and in some cases full names.

Researchers from vpnMentor discovered the breach last week and that it was patched on Monday. It estimated around 20% of the accounts used fake email addresses but highlighted that 800,000 genuine accounts and actively used emails were breached.

The researchers also said that "many users" joined Luscious using their government email addresses, evidence of this came from users in Brazil, Italy, Australia and Malaysia.

"This adds a great deal of additional vulnerability not just to the users, but also their employers," said vpnMentor. "With access to employee email addresses, criminal hackers can target government agencies and departments in a number of ways."

Users affected mainly resided in France, Germany, Russia, Brazil, Italy, Canada and Poland and their leaked user activity revealed uploaded videos, user IDs, followers, accounts followed and blog posts.

The blog post exposures were particularly concerning to researchers due to how emotionally charged they were. Depressive and otherwise vulnerable content was viewed by researchers in the breach which de-anonymised many users, tying the content to their real identities.

Those who uploaded images to the site were also indexed including details of who created them.

"A data breach on this scale is always a serious issue and some might say that the sensitivity of this site makes it all the more worrying - with an increased potential for hackers to exploit individual site users whose identities have been exposed," said Ed Macnair, CEO at Censornet. "The nature of the data taken is also concerning - it has been reported that some of the users had government email accounts.

"This is hugely concerning as it risks exposing an entire organisation to an attack. It is therefore vital that organisations - government or otherwise - put strict measures on internet activity at work and discourage the use of work email addresses for personal services," he added.

vpnMentor notes that the effect of the data breach could be "ruinous" for the affected users' personal lives and relationships.

Access to the breached information gives hackers the opportunity to exploit users in things like sextortion scams or to just expose them online for being members of, and possibly posters to, the site.

In addition to sextortion scams, which the researchers said "given the sensitive nature of this data breach, victims are incredibly vulnerable and likely to pay", leaking email adresses and names also gives phishers the ammunition they need to construct sophisticated campaigns.

"By revealing personal details like email addresses and location, the Luscious data breach helps criminals target users for future exploitation, fraud, or theft," said vpnMentor. "They can use this information to create effective fraudulent emails and send them directly to a user's email inbox - that way, they also stand out from spam and junk mail."

Users have been advised to change their login details immediately, including usernames and email addresses. They've also been advised to make usernames completely unrelated to the associated email address to reduce the risk of being identified.

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

Biden nominees highlight tough cyber security challenges
cyber security

Biden nominees highlight tough cyber security challenges

20 Jan 2021
Report: Security staff excluded from app development
cyber security

Report: Security staff excluded from app development

20 Jan 2021
Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

20 Jan 2021
SolarWinds hackers hit Malwarebytes through Microsoft exploit
hacking

SolarWinds hackers hit Malwarebytes through Microsoft exploit

20 Jan 2021

Most Popular

Citrix buys Slack competitor Wrike in record $2.25bn deal
collaboration

Citrix buys Slack competitor Wrike in record $2.25bn deal

19 Jan 2021
IT retailer faces €10.4m GDPR fine for employee surveillance
General Data Protection Regulation (GDPR)

IT retailer faces €10.4m GDPR fine for employee surveillance

18 Jan 2021
How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021