Several popular ‘camgirl’ sites have exposed the email addresses and other sensitive information of millions of users and sex workers after a backend was left wide open.

VTS Media, a company based in Barcelona, runs the affected sites, out of which amateur.tv is one of the most popular cam sites in Spain, according to traffic-ranking service Alexa. Others include placercams.com and webcampornoxxx.net.

This data exposure does not come at the hands of any sort of hack or exploit – instead, just an oversight by the company, TechCrunch reported. The administrative backends were left open, without a password, for several weeks. This allowed anyone to access the network’s database, which included user names, email addresses, IP addresses, browser user-agents, private chat logs, login timestamps, and even failed login attempts, which stored attempted passwords in plain text.

Also on rt.com British uni students to examine ‘censored, gay, feminist, amateur’ PORN as part of ‘illuminating’ X-rated course

The backend also contained data related to the videos that registered users were watching and renting. Users who broadcasted sexual content to viewers on these sites also had some of their personal information revealed.

The exposed database was discovered by researchers at cybersecurity firm Condition:Black. “This was a serious failure from a technical and compliance perspective. After reviewing the sites’ data-privacy policy and terms and conditions, it’s clear that users likely had no idea that their activities were being monitored to this level of detail,” John Wethington, the company’s founder, said, according to TechCrunch.

Read more

Both VTS Media and the servers for the adult webcam sites it operates are located in Europe, which opens this matter up to action related to General Data Protection Regulation (GDPR) violations. The European Union has received more than 95,000 GDPR-related complaints since May 2018, when it came into effect.

With millions of users affected, this is one of the largest data exposures for adult sites since Ashley Madison’s massive breach in 2015. At that time, around 32 million cheating spouses had their information revealed in a leak that included 25 gigabytes of personal data.

The database containing this information was made inaccessible at an undisclosed time last week, although all VTS Media websites remain online.

If you like this story, share it with a friend!