A security flaw on a popular hentai porn site has exposed the emails of more than a million of its users, allowing potential hackers to track down “real-world individuals” with a penchant for cartoon smut.

Researchers at digital firm VPNMentor used a flaw in the system to gain access to nearly 1.2 million user accounts registered on the adult website, Luscious. The site allows people to upload and share hentai – porn based on Japanese-style anime and manga – and is one of the most popular haunts for those into that kind of thing. The registered users, even though they register using email addresses, are supposed to remain anonymous.

The data breach “compromises this anonymity” by allowing hackers to view the users’ personal information, including their emails, the company wrote on Monday. Although no passwords were obtained, researchers managed to see users’ locations and track down all of their activity on the site, including what they uploaded and commented on.

Also on rt.com Mia Khalifa says she only earned $12K from porn, despite fame & death threats

Only around 20 percent of people used fake emails when logging on to view porn, and “many users” joined Luscious using official government emails, the company said. All of this makes the consequences of a potential hack more damaging, as cyber-criminals often use sensitive private information for extortion.

The impact of this data breach on users could be devastating, personally and financially.

IT news website TechCrunch, which looked through the exposed database, confirmed that “many” emails were real, allowing anyone to “identify real-world individuals” who spent time browsing the website.

After the security lapse was revealed, the owner of Luscious told TechCrunch that people using the site will now be warned “about the potential exposure of their private email addresses.”

Think your friends would be interested? Share this story!