More than 875,000 files that included data belonging to over 4,000 models working on adult websites have been exposed in a nearly 20GB data publicly available on an Amazon server located in Virginia.

Security researchers at vpnMentor reveal in an analysis of the leak that the server belongs to adult affiliate network PussyCash, owner of ImLive and having more than 66 million members.

The exposed data includes extremely sensitive information belonging to the cam models, including full names, birth date and birth place, nationality, passport ID numbers and details, ID photo, signature, fingerprints, and emergency contacts. Furthermore, the researchers discovered photographs and scans of full passports and national identification cards with visible data such as full home addresses and ID photos.

All the data was stored in one zip folder per each model and included various file types, such as photos, videos, and documents. In some cases, screenshots of video chats and marketing materials were also stored in the database.

Unsecured and unencrypted database

Some of the folders are likely to be up to 20 years old, but at the same time, the most recent folders are believed to have been created approximately a few weeks ago.

Models in Europe, Asia, Africa, and Australia are affected by the data leak.

vpnMentor researchers reached out to PussyCash to report the issue but never heard back. On the other hand, ImLive, one of the brands that the network owns, did reply and said it would address the issue.

“PussyCash never replied to any of our attempts to contact them regarding the data leak, including their Data Protection Officer. ImLive finally responded to one of our emails, stating that they would take care of it and pass on the information to the PussyCash tech team,” the analysis notes.

The database was completely unsecured and unencrypted, vpnMentor says, and a browser was the only tool required to access all files hosted on the server.