Adult content sharing website Luscious suffered a data breach, exposing the private information of 1.195 million users of the site.
The information disclosed included usernames, personal email accounts, locations, gender, activity logs and, in some cases, full names.
vpnMentor researchers discovered the breach last week and it was fixed on Monday. They estimated that around 20% of accounts used fake email addresses, but pointed out that 800,000 genuine accounts and actively used emails had been hacked.
The researchers also said that “many users” joined Luscious using their government email addresses, with evidence coming from users in Brazil, Italy, Australia and Malaysia.
“This adds a lot of additional vulnerability not only for users, but also for their employers,” said vpnMentor. “With access to employee email addresses, hackers can target government agencies and departments in a number of ways.”
The affected users were primarily located in France, Germany, Russia, Brazil, Italy, Canada and Poland and their disclosed user activity revealed uploaded videos, user IDs, subscribers, accounts being tracked and blog posts.
The exposure of blog posts was of particular concern to researchers because of their emotional charge. Researchers saw depressive and otherwise vulnerable content in the breach, which de-anonymized many users by linking the content to their true identities.
Those who uploaded images to the site were also indexed, including the details of their creator.
“A data breach on this scale is always a serious problem and some might argue that the sensitivity of this site makes it all the more worrying – with increased potential for hackers to exploit individual site users whose identities have been on display,” said Ed Macnair, CEO of Censornet. “The nature of the data collected is also of concern – some of the users were reported to have government email accounts.
“This is of great concern as it risks exposing an entire organization to attack. It is therefore vital that organizations – governmental or otherwise – put strict measures on internet activity at work and discourage the use of professional email addresses for personal service,” he added.
vpnMentor notes that the effect of the data breach could be “ruinous” for the personal lives and relationships of the affected users.
Access to the breached information gives hackers the ability to exploit users through schemes such as sextortion scams, or simply to expose them online as members, and possibly posters, of the site.
In addition to sextortion scams, of which researchers say “given the sensitive nature of this data breach, victims are incredibly vulnerable and likely to pay,” the leaked email addresses and names also give phishers the ammunition they need to build sophisticated campaigns.
“By revealing personal information such as email addresses and location, the Luscious data breach helps criminals target users for future exploitation, fraud or theft,” vpnMentor said. “They can use this information to create effective scam emails and send them straight to a user’s inbox. That way they also stand out from spam and junk mail.”
Users were prompted to change their login information immediately, including usernames and email addresses. They have also been advised to make usernames completely independent of the associated email address in order to reduce the risk of being identified.