
CAM4 adult cam site leaked 11B database records including emails, private chats


The popular adult live streaming website CAM4 exposed over 7TB of personally identifiable information (PII) of members and users.

The popular adult live streaming website CAM4 exposed over 10.88 billion database records containing a total of 7TB of personally identifiable information (PII) of its members and users.

The data leak is the result of the accidental exposure of an Elasticsearch cluster managed by the company; the records date back to March 16, 2020.

CAM4 is a live streaming website featuring live webcam performances by primarily amateur performers, filtered by female, male, transgender, or couples. Granity Entertainment owns the site, which has around 2 billion visitors each year.

The exposed cluster was discovered by the SafetyDetectives research team, led by Anurag Sen, which reported the issue to Granity Entertainment. The company quickly took it down.

“Our security research team, led by Anurag Sen, has discovered a significant data leak stretching into billions of records at adult live-streaming website CAM4.com, belonging to Irish company Granity Entertainment.” continues the report.

“The server’s database size exceeded 7 terabytes with production logs dating from 16 March 2020 and increasing daily. The unsecured Elastic Search database included a significant amount of both user and company information with the vast majority of email data records referring to users in the US.”

Exposed records included a huge trove of information, including names, sexual orientation, emails to IP addresses, email message transcripts, and private conversations between users.

Experts pointed out that millions of PII entries were left open online, including:

  • First and last names
  • Email addresses
  • Country of origin
  • Sign-up dates
  • Gender preference and sexual orientation
  • Device information
  • Miscellaneous user details such as spoken language
  • Usernames
  • Payments logs including credit card type, amount paid and applicable currency
  • User conversations
  • Transcripts of email correspondence
  • Inter-user conversations
  • Chat transcripts between users and CAM4
  • Token information
  • Password hashes
  • IP addresses
  • Fraud detection logs
  • Spam detection logs

In total, around 11 million records contained at least one email address from a variety of email providers (e.g. gmail.com, icloud.com, and hotmail.com).

Most of the exposed records belong to users from the US (6.5M+), Brazil (5.3M+), Italy (4.8M+), and France (4.1M+).

“US, Brazilian and Italian users were the most heavily affected although the precise number of email records is difficult to gauge accurately due to multiple entries being duplicated. As expected, countries such as the UAE, Saudi Arabia and Iran all had zero entries given the fact that these countries ban adult content domestically.” continues the report.

“The security team also discovered 26,392,701 entries with password hashes with a proportion of hashes belonging to CAM4.com users and some from website system resources.”

A ‘few hundred entries’ also included full names, credit card types, and payment amounts. An attacker could use this information to carry out sophisticated phishing attacks and scams.

“Possibly the greatest risk in both financial and reputational respects is the risk of blackmail scams that could be deployed against users who believe they are anonymous when sharing compromising data and content.” concludes the post.


Pierluigi Paganini

(SecurityAffairs – CAM4, hacking)
