Hack on 8 adult websites exposes oodles of intimate user data

[InfoSec News <alerts () infosecnews org>]

https://arstechnica.com/information-technology/2018/10/hack-on-8-adult-websites-exposes-oodles-of-intimate-user-data/

By DAN GOODIN
Ars Technica
10/20/2018

A recent hack of eight poorly secured adult websites has exposed megabytes 
of personal data that could be damaging to the people who shared pictures 
and other highly intimate information on the online message boards. 
Included in the leaked file are (1) IP addresses that connected to the 
sites, (2) user passwords protected by a four-decade-old cryptographic 
scheme, (3) names, and (4) 1.2 million unique email addresses, although 
it’s not clear how many of the addresses legitimately belonged to actual 
users.

Robert Angelini, the owner of wifelovers.com and the seven other breached 
sites, told Ars on Saturday morning that, in the 21 years they operated, 
fewer than 107,000 people posted to them. He said he didn't know how or 
why the almost 98-megabyte file contained more than 12 times that many 
email addresses, and he hasn’t had time to examine a copy of the database 
that he received on Friday night.

Still, three days after receiving notification of the hack, Angelini 
finally confirmed the breach and took down the sites on early Saturday 
morning. A notice on the just-shuttered sites warns users to change 
passwords on other sites, especially if they match the passwords used on 
the hacked sites.

"We will not being going back online unless this gets fixed, even if it 
means we close the doors forever," Angelini wrote in an email. It "doesn't 
matter if we are talking about 29,312 passwords, 77,000 passwords, or 1.2 
million or the actual number, which is probably in between. And as you can 
see, we are starting to encourage our users to change all the passwords 
everywhere."

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_