Porn News

YouPorn’s VP of Operations: “None of YouPorn’s more than 4.75 Million user accounts were compromised”

Follow AdultFYI at twitter@adultfyi1; Follow Gene Ross at twitter@GeneRoss3

from www.securitymanagement.com – Registered users should “rest assured” that none of their data has been exposed, according to a statement released Thursday afternoon by the world’s most popular adult Web site YouPorn. There’s still no official number on how many people were affected.

“We’d like to stress again, none of YouPorn’s more than 4.75 Million user accounts were compromised,” said Brad Black, YouPorn’s vice president of operations. Black blamed poor security practices of a third party service provider for the breach and the media for exaggerating the number of users affected.

A thread on Flashback.org, Sweden’s largest Web forum, revealed that data for registered users of YouPorn’s chat client was openly accessible until the server was taken offline on Tuesday, according to a blog entry by Anders Nilsson, a security specialist at the Scandinavian firm Eurosecure. The information contained e-mail addresses and passwords for more than one million users.

YouPorn is one of the most visited Web sites in the world. In its heyday, the site was pulling 15 million news users every month, according to a 2007 report from the Guardian. Black, in a statement (NSFW) released Thursday, says the site has 4.7 million users and that “the number of unique users affected was several thousand, not millions.”

Despite password safety rules, “a surprisingly large portion of Internet users use the same passwords for many of the services they use on the Internet, whether it is e-mail accounts, Facebook, PayPal, or other services,” Nilsson wrote.

Hackers had already started checking passwords against e-mail addresses and posting “intimate pictures” retrieved from e-mail accounts, he wrote in the blog. Once hackers get into a person’s e-mail account, they can secure even more information to launch phishing attacks or fraud operations. Said Nilsson, “For a security professional it is baffling how coders working on a website with such sensitive content can make mistakes of this magnitude. Allegedly hundreds of megabytes of data has been secured by people with unknown goals.”

In its own investigation, YouPorn says it found that poor security practices resulted in user logs being left behind in a public directory. The user information was available online for an unknown amount of time after a programmer,(Nilsson questions if it was accidentally) left debug logging on to a publicly accessible URL in YouPorn’s chat client, called YP Chat, around November 2007–and it’s been storing data ever since.

The data, posted on Pastebin, contained information for 6,400 users, but that was only data from 2012. “There were far more registrations during 2008-2011, and a total of unique e-mails is a little more than 1.3 million,” Nilsson said in an interview on Friday.

The hole was probably found “by someone sweeping Web sites for publicly accessible, but non-linked (‘hidden’) folders, looking for…both porn or sensitive material like this, and struck gold,” Nilsson wrote.

“As far as I know, and can tell, there is no link between the [YP Chat] accounts, and the accounts on the main site,” Nilsson said.

YouPorn emphasizes that it didn’t suffer a breach in security and says that even though the chat client is for YouPorn users, the YP Chat servers are operated by a third party and in no way connects to YouPorn secure data.

“The chat service is owned and operated by a third party and is in no way associated with YouPorn.com,” he said. As soon as the breach was discovered, user access to YP Chat was blocked. He also recommended that any users who use their YP Chat login information for other accounts change their login information.

YouPorn users haven’t been shy to criticize the site for lax security in comments online that a spokesperson has been addressing online.

Thursday afternoon, Eurosecure posted statistics from the leaked data. The top YouPorn user password was “123456,” and being used by 72,915 users. The sixth most common was “password” and used by 8,380 users. Eurosecure will release an infographic based on the data Friday afternoon.

197 Views

Related Posts

Disruptive to Release Micah Martinez’s ‘Case of the Ex’ in November

LOS ANGELES — Disruptive Films will release "Case of the Ex,” a featurette written and directed by Micah Martinez, in November. The scene — co-starring Derek Kage and Tony Genius — follows the journey of two men who had a messy…

Platforming the Pleasure Industry’s Voice Through Voting

Very early in my business career, I learned not to mix business with politics or religion. This was a foundational tenet that just made sense. For much of my career, that was easy. However, it has become increasingly difficult to…

‘Sex Workers Are Part of the “Everyone” That Deserves Protections’: Congressional Candidate Joe Cohn Reaches Out to Adult Community

MOUNT HOLLY, N.J. — Veteran civil rights attorney Joe Cohn, who is currently running in a New Jersey Democratic primary for a seat in the U.S. House of Representatives, says he is reaching out to the adult community to champion…

Wicked Sensual Care Launches Sexual Assault Awareness Camaign

LOS ANGELES — Wicked Sensual Care (WSC) has launched its annual campaign for Sexual Assault Awareness month. "Every April, in recognition of Sexual Assault Awareness Month, the intimate wellness brand pledges resources and a portion of proceeds from the sales…

Gender X Begins Rollout of ‘Trans Honey Trap 3’

Jim Powers Brings Gender X Films’ Trans Honey Trap Back

Leave a Reply

Your email address will not be published.