One of the most popular adult sites on the web has suffered an exposure of its own after millions of records were found sitting unprotected online.
An investigation by researchers at Cybernews found an unprotected Elasticsearch cluster containing more than 8GB of sensitive information about BangBros users, including nearly half a million user login records.
Overall, the database was found to contain 12 million records, including details such as IPs, usernames, locations, feedback messages, and even “model performance statistics”.
Online breach
The database was discovered on June 6 and had apparently been indexed by search engines a few days earlier, having been left unsecured through what appears to be an inadvertent configuration error.
Cybernews reports that the instance is now closed, but this doesn’t mean hackers won’t have already got their hands on the data, which could now be used for identity theft or extortion purposes.
“If bad actors managed to get their hands on this data, they might trace and link adult content viewers’ habits to specific individuals. Combined with other private information, this could lead to significant privacy issues, cause personal embarrassment, and result in social stigma in places with conservative attitudes,” said Mantas Kasiliauskis, information security researcher at Cybernews.
The largest part of the leak, the “bangbros_straight” file, contains almost 11 million records, which appear to be from the company’s media or content management system.
Cybernews says it contacted BangBros following the discovery, but did not receive any comment – although the issue does appear to have been fixed. TechRadar Pro has also contacted the company for comment, and will update this story if a response is received.
Adult sites have long been a risky proposition for users, with privacy and security breaches a common risk. We’d advise anyone signing up to such sites to make sure their personal data isn’t put at risk, and to use a VPN to keep their browsing habits private, alongside multi-factor authentication on all their most important personal accounts.