
It should come as no surprise to anyone that no place on the Web is safe, forums of porn sites least of all. Still, such an occurrence shouldn’t become a hackneyed scenario that everyone has gotten used to. Amidst terrorism and violence, privacy deprivation and personal data theft are just as evil. Measures must come from all sides: those providing the services, platforms and products, and those using them. Extra caution has never hurt anybody, and wouldn’t be viewed with disfavor either.

Due to one such case of negligence, the forum of the popular porn website Brazzers has been hacked and the personal details of nearly 800,000 users leaked. Intimate conversations between users in the forum have been exposed. Even users who never registered in the forum have been affected.

During normal operations, subscribers use the Brazzers forum to discuss and chat about scenes and favorite actors with other subscribers. Currently, the forum is displaying the “under maintenance” message with no information on when it’ll be active again.

Like the other recent breaches involving LinkedIn, Dropbox and Last.fm, this one first occurred in 2012, when hackers exploited a vulnerability in the forum. The personal data from the stolen accounts, however, has only just been leaked.

Vigilante.pw, a website monitoring potential data breaches, estimated that the leaked data contains 790,724 unique email addresses, usernames and passwords. The entries totaled 928,072, but some of them were duplicates or incorrect/inactive ones.

Who Is to Blame?

As mentioned above, there is hardly just one side at fault. It’s a combination of a vulnerable forum platform, Brazzers’ negligence, hackers’ persistence and mercilessness, and even users’ naiveté.

The Forum Platform and Brazzers’ Stand

According to Matt Stevens, public relations manager at Brazzers, back in 2012, when the incident occurred, the Brazzers forum was managed by a third party.

“The incident occurred because of a vulnerability in the said third party software, the ‘vBulletin’ software, and not Brazzers itself,”

he told Motherboard.

“That being said, users’ accounts were shared between Brazzers and the ‘Brazzersforum’ which was created for user convenience. That resulted in a small portion of our user accounts being exposed and we took corrective measures in the days following this incident to protect our users.”

“Brazzers takes the privacy and safety of its users very seriously,”

Stevens added.

To confirm the validity of the breach, Troy Hunt, security researcher and creator of Have I Been Pwned, contacted several Brazzers subscribers, who confirmed their details.

Hunt also confirmed that the vBulletin platform has been poorly managed:

“We’ve seen a real spate of vBulletin breaches where the software had been left pretty much unattended and unloved. Vulnerabilities have been found and patches have been issued yet the admins have maintained the product and very well-known, easily exploited vulnerabilities have led to breaches like this one.”

As much as the management of the vBulletin platform is to blame, Brazzers must also have been a bit too careless, for it implicitly trusted a third party to take care of a forum where its users share quite sensitive and intimate information, including their fantasies and chat conversations with other users.

The Users’ Naiveté

One of the Brazzers users whom Hunt contacted to verify the stolen data told Motherboard:

“It’s unfortunate that my information was included in the breach, but that’s the risk you run making an account anywhere on the web.”

Another one, however, said:

“I used throwaway login/pass for this very reason.”

And yes, this is the simplest method to reduce the risk of having your personal data stolen: use a unique email address and password when signing up for websites. That way, if your data is compromised in a breach similar to Brazzers’, it will be harder for others to personally identify you.