Thousands of usernames and emails from members of porn site YouPorn were posted online on Wednesday.
The breach occurred at an outsourced service within YouPorn called YP Chat, according to an official statement from YouPorn's parent company, Luxembourg-based Manwin Holding SARL. The chat feature has been disabled until investigations are complete, but the main website is still up and running.
"The investigation revealed that poor security practices resulted in YP Chat's unencrypted daily user logs being left in an unsecured public directory," Brad Black, vice president of YouPorn operations, said in a blog post. "As the logs maintained daily records, users that accessed their YP Chat accounts on a recurring basis would have their activity appear in countless log files. This resulted in some media outlets over inflating the number of affected users, where in actual fact the number of unique users affected was several thousand, not millions [as initially reported]."
The attacker posted 6,433 usernames and emails on Pastebin, a popular dumping ground for cyber attackers. No credit card information was compromised, and some of the user information appears to be duplicated.
Black recommended that users immediately change their username/password combo for any other website on which they used the same data as their YP Chat account. Why? As Sophos' Graham Cluley notes at Naked Security, "If your YouPorn password is now known, hackers might try that same password against your email address, your PayPal account, your Amazon account, and many other online resources."
Embarrassingly, about 10 days earlier another Manwin-owned porn site, Brazzers, was breached, exposing the emails, usernames, and encrypted passwords of more than 350,000 of its users. The attack was claimed by a 17-year-old living in Morocco who allied himself with Anonymous, AP reports.
But if you think you're safe surfing porn as long as you don't become a member of any particular website, think again. YouPorn is also being sued in California for allegedly tracking user information and browsing history via JavaScript code, a technique known as "sniffing history."
For more from Sara, follow her on Twitter @sarapyin.