BreachExchange mailing list archives
Female escort review site data breach affects 470, 000 members
From: Destry Winant <destry () riskbasedsecurity com>
Date: Fri, 5 Feb 2021 09:56:51 -0600
https://www.bleepingcomputer.com/news/security/female-escort-review-site-data-breach-affects-470-000-members/ An online community promoting female escorts and reviews of their services has suffered a data breach after a hacker downloaded the site's database. EscortReviews.com is an adult online vBulletin forum community that allows US and Mexico-based escorts to promote their services, share profile pictures, contact information, and biographies to prospective clients. Clients can then post reviews about their experiences with the particular escort. The site is very active with over 2.4 million topics, 12.5 million posts, and over 470,000 members. EscortReviews.com member and post stats Hackers posts stolen vBulletin database This weekend a threat actor posted a link to a stolen vBulletin forum database for the EscortReviews.com website. Leaked EscortReviews.com database This database contains the registration information for over 472,695 members, including their display name, email address, MD5 hashed passwords, optional Skype account names, optional birthday, and IP address. Database sample In a sample shared by cybersecurity intelligence firm Cyble, the most recent data is from September 2018. BleepingComputer has reached out to some of the users listed in the database to confirm if the information belongs to them and is accurate. Only one member replied, who stated that the data is correct. The site is currently displaying a vBulletin database error to visitors. It is unknown if the site is disabled due to the database's posting or if the site was permanently shut down. vBulletin error at EscortReviews.com The last cached Google search page from the site is from January 21st, 2021. The site ran vBulletin 3.8.9, which has known vulnerabilities that could allow attackers to breach the site. It is unknown if the forum was hacked using one of these vulnerabilities or if the site left an unsecured backup of the database online. As the site uses MD5 hashed password, which can easily be cracked, it is strongly advised that members change their passwords at other sites using the same one. Members of the EscortReviews.com site can also check if their information is part of the data breach using Cyble's AmIBreached data breach notification services. Adult site data breaches can be devastating Data breaches for adult sites, such as those promoting escort services or dating, can be devastating to members if their information is exposed publicly. This information can be used by threat actors to perform targeted blackmail or sextortion attacks, such as the attacks that occurred after the 2015 Ashley Madison data breach. Even worse, there are known cases of data breaches leading to people committing suicide after information about their activities was posted online. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Female escort review site data breach affects 470, 000 members Destry Winant (Feb 05)