A hack of nearly 800,000 accounts on an adult entertainment site could be one of the most embarrassing of all time. The breach of “Brazzers” could expose some of the very personal tastes of the site's users.
The stolen data does not come from the main Brazzers site, which sells access to videos the company has made itself. Instead, it comes from the site’s discussion board, where users can discuss site scenes and talk about what they would like to see in future videos.
Passwords stored without encryption
The data reportedly contains 790,724 email addresses (not counting duplicate accounts) with associated usernames and passwords. Surprisingly, passwords were stored as plain text. (Source: vice.com)
The problem does not appear to be with the security of the Brazzers site itself, but rather with vBulletin, the software that powers the discussion board. Vulnerabilities in this software have been blamed for breaches on other sites this year. In some cases, website operators have been too slow to apply software updates to keep their forums safe.
There is some confusion about how the main video site is affected. Brazzers management says some user accounts were shared between the two sites, implying that customers reused their contact details. However, some users whose contact details appear on the stolen list say they never registered on the forum.
No financial data exposed
The good news for customers is that there is no suggestion that credit card data was compromised in the breach. Subscribers' card details appear to have been kept completely separate from the password database.
The bad news is that this is a particularly embarrassing breach. This is not simply a case of site subscribers having their email addresses exposed, which could identify them as paying consumers of adult content. Instead, the leaked data could identify individual posters on the forum, even if they used a pseudonym as their username, and reveal exactly what they like and dislike in such videos, even if unconventional. (Source: bbc.co.uk)
Such breaches are always a reminder that web users should use different login credentials for different sites, so that one breach does not put them at risk on multiple sites. In this specific case, analysts also warn that it may be a good idea to create a separate, non-identifying email address when signing up to sites that users would prefer not to be associated with publicly.
What is your opinion?
Should adult content providers be expected to take extra security measures to protect customers from potential embarrassment? Should these customers get sympathy after a breach, regardless of the content involved? Or should internet users just assume that there is no guarantee that everything they write online will remain anonymous?