Adult site Luscious data breach affects more than a million users

Users of the adult site saw thier personal information tied to their real identity leaked and exposed

data leak warning

Adult content-sharing website Luscious has suffered a data breach, exposing the private information of 1.195 million of the site's users.

The leaked information included usernames, personal email accounts, locations, gender, activity logs and in some cases full names.

Researchers from vpnMentor discovered the breach last week and that it was patched on Monday. It estimated around 20% of the accounts used fake email addresses but highlighted that 800,000 genuine accounts and actively used emails were breached.

The researchers also said that "many users" joined Luscious using their government email addresses, evidence of this came from users in Brazil, Italy, Australia and Malaysia.

"This adds a great deal of additional vulnerability not just to the users, but also their employers," said vpnMentor. "With access to employee email addresses, criminal hackers can target government agencies and departments in a number of ways."

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Users affected mainly resided in France, Germany, Russia, Brazil, Italy, Canada and Poland and their leaked user activity revealed uploaded videos, user IDs, followers, accounts followed and blog posts.

The blog post exposures were particularly concerning to researchers due to how emotionally charged they were. Depressive and otherwise vulnerable content was viewed by researchers in the breach which de-anonymised many users, tying the content to their real identities.

Those who uploaded images to the site were also indexed including details of who created them.

"A data breach on this scale is always a serious issue and some might say that the sensitivity of this site makes it all the more worrying - with an increased potential for hackers to exploit individual site users whose identities have been exposed," said Ed Macnair, CEO at Censornet. "The nature of the data taken is also concerning - it has been reported that some of the users had government email accounts.

"This is hugely concerning as it risks exposing an entire organisation to an attack. It is therefore vital that organisations - government or otherwise - put strict measures on internet activity at work and discourage the use of work email addresses for personal services," he added.

Advertisement - Article continues below

vpnMentor notes that the effect of the data breach could be "ruinous" for the affected users' personal lives and relationships.

Access to the breached information gives hackers the opportunity to exploit users in things like sextortion scams or to just expose them online for being members of, and possibly posters to, the site.

In addition to sextortion scams, which the researchers said "given the sensitive nature of this data breach, victims are incredibly vulnerable and likely to pay", leaking email adresses and names also gives phishers the ammunition they need to construct sophisticated campaigns.

"By revealing personal details like email addresses and location, the Luscious data breach helps criminals target users for future exploitation, fraud, or theft," said vpnMentor. "They can use this information to create effective fraudulent emails and send them directly to a user's email inbox - that way, they also stand out from spam and junk mail."

Users have been advised to change their login details immediately, including usernames and email addresses. They've also been advised to make usernames completely unrelated to the associated email address to reduce the risk of being identified.

Featured Resources

Transform the operator experience with enhanced automation & analytics

Bring networking into the digital era

Download now

Artificially intelligent data centres

How the C-Suite is embracing continuous change to drive value

Download now

Deliver secure automated multicloud for containers with Red Hat and Juniper

Learn how to get started with the multicloud enabler from Red Hat and Juniper

Download now

Get the best out of your workforce

7 steps to unleashing their true potential with robotic process automation

Download now
Advertisement

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/security/vulnerability/354309/patch-issued-for-critical-windows-bug
vulnerability

Patch issued for critical Windows bug

11 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/hardware/354193/buy-it-to-grow-not-slow-your-business
Sponsored

Buy IT to grow, not slow, your business

25 Nov 2019
Visit/operating-systems/microsoft-windows/354297/this-exploit-could-give-users-free-windows-7-updates
Microsoft Windows

This exploit could give users free Windows 7 updates beyond 2020

9 Dec 2019