Thousands of adult cam models are now potentially at risk as a massive data breach of a popular porn network resulted in the leak of their personal information and other data.

I.M.L. SLU, the parent company of ImLive and PussyCash, was notified of a data breach earlier this month that resulted in the leak of just under 20 GB of data, encompassing videos, pictures, and very sensitive personal information dating as far back as 2005.

In total, over 875,000 files corresponding to over 4,000 models across 26 countries were leaked. The leaked data includes videos, advertisements, photographs, and chat recordings.

The cam models’ government identifications, driver’s licenses, social security numbers, banking information, body measurements, signatures, and other “sensitive media” are also among the data uncovered through the breach.

These documents are estimated to date as far back as 15-20 years, and as recently as within the past few weeks.

The breach puts models at risk – in more ways than one

At face value, it’s clear that there are major security concerns for affected individuals. There is a comprehensive package of information to steal the identity of many of these users. It’s likely that hackers will sell identifying information on the dark web, where their identity can grab several hundred dollars.

With this information in the wrong hands, affected individuals may find thieves attempting to access or leverage their bank accounts and cards. They may additionally use this information to take out credit with the stolen identities.

But that’s just the beginning of it. Those exposed could potentially find themselves extorted, where their sensitive media is leveraged for payment, with the alternative of those photos and videos being sent out to friends, family, co-workers, etc.

And in countries where this line of sex work is restricted our outlawed, they may be blackmailed under the pretense that their data will be forwarded to law enforcement.

If they engaged in same-sex activities in jurisdictions where that engagement is banned, they may face even more drastic punishments.

A preventable security failure

The data was leaked through an Amazon Simple Storage Service (S3 bucket) hosted in Virginia, USA, and utilized by the company to store user information.

According to the cybersecurity research team at VPNMentor, the S3 bucket was completely unsecured and unencrypted, enabling hackers to easily access the server.

Per the report, this breach would have been prevented if I.M.L. had taken proper measures to secure their servers, implement proper access rules, and leave unauthenticated systems disconnected from the internet.

VPNMentor noted that the breach was discovered as part of a web mapping project in which the team used “port scanning to examine particular IP blocks and test open holes in systems for weaknesses.”