Popular prostitution and escort forums in the Netherlands and Italy have suffered data breaches that exposed the usernames, email addresses, and hashed passwords for their registered members.

With prostitution and escort services being legal in the Netherlands and Italy, forums have been created that allows users to review services or interact directly with sex workers.

According to the Dutch news site NOS, a hacker is selling the Dutch hookers.nl forum database for $300 on online forums. This database includes the user names, hashed passwords, and IP addresses for approximately 250,000 members.

The hacker old NOS that they utilized the recent vBulletin remote code execution vulnerability to steal the database. This breach was later confirmed by the owner of the hookers.nl in a post to their forums.

Statement by Hookers.nl Admin

In further research conducted by BleepingComputer, a user that is selling the hookers.nl database on underground criminal sites is also selling an alleged database for the girlforum.escortforumit.xxx forum based out of Italy.

This seller claims that the escortforumit.xxx breach contains the passwords, usernames, and email addresses for 33,152 users.

BleepingComputer has contacted the owner of the escortforumit.xxx forum and the seller of the stolen data breaches, but have not heard back at the time of this publishing.

Forum members obviously concerned

The leak of this type of information is obviously of great concern to members, whether they be sex workers or those who use their services.

Many sex workers post on the forums using aliases to hide their identity in order to prevent their activities from being discovered by family members or employers.

Likewise, members who left reviews of services are worried that their activities would now be exposed to employers, family members, spouses, and criminals who will try to use this information to blackmail them.

If the databases become public or added to data breach services like Have I been Pwned, it would allow employers and family members to easily check if an email addresses was part of these breaches.

With the 2015 Ashley Madison breach, this led to users who were exposed cheating on their spouses being divorced, blackmailed, and in one case, suicide.

Hookers.nl members are scrambling to prevent their exposure by requesting their accounts be deleted, but unfortunately the database has been stolen and damage is already done.

H/T The Mind Flayers