430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

180,000 members of an underground ‘Upskirt’ porn website have been leaked online

The personal details of 180,000 members of the underground ‘Upskirt’ porn website The Candid Board have been leaked online. Some data breaches are more uncomfortable the others due to the nature of the affected services, porn and dating websites belong to these categories. The personal details of roughly 180,000 members of the underground ‘Upskirt’ porn website The Candid […]

180,000 members of an underground ‘Upskirt’ porn website have been leaked online

The personal details of 180,000 members of the underground ‘Upskirt’ porn website The Candid Board have been leaked online.

Some data breaches are more uncomfortable the others due to the nature of the affected services, porn and dating websites belong to these categories.

The personal details of roughly 180,000 members of the underground ‘Upskirt’ porn website The Candid Board have been leaked online due to a misconfigured database. The Candid Board is an ‘Upskirt’ porn website focused on the sharing of images, videos, and discussions about girls and women who appear to be unaware they are being spied.

The leaked data includes 178,201 unique email addresses, usernames, hashed passwords, dates of birth, IP addresses and other information such as ‘join date’, ‘last post date’ and ‘reputation’ point statistics.

The subscription fee is at $19.99 a month, but it seems that there were no financial data included in the data leak.

The IBTimes UK obtained the leaked data from a source who wished to remain anonymous and analyzed it.

“The details from the leaked database, which has now been secured, were reportedly obtained from September 2015. They were being managed by a US-based cloud hosting provider called Webair.” 

“Rather than try to track down a forum administrator, who probably doesn’t want to be tracked down, I decided to contact the hosting company Webair,” our source said. “I made my way through an automated system and pushed the buttons for tech support.

“When I described the issue to the support on the other side, he immediately understood what the problem was. It was almost as if they were aware of the problems in their system. We didn’t talk for long. He said he would contact the client and then we hung up.”

Among the leaked details there were 70 military records and 19 government email addresses.

If you want to verify if your email has been exposed you can visit the data breach notification website HaveIBeenPwned that has uploaded the data to its service. In this specific case, the service will allow only verified owners to check for their email.

“It’s amazing how much personal data people will entrust sites of this nature with,” said the popular expert Troy Hunt. “Members provided accurate email addresses and birthdates which combined with their IP address now very clearly ties them back to a site of very questionable legal status.”

IBTimes UK tested a number of the IP numbers in the leaked data and verified that they match their corresponding email address.

“In one example, an IP search for the person using the email “wales.gsi.gov.uk” brought up the result: http://host246.welsh-ofce.gov.uk.”

The source also confirmed to be in possession of another large chunk of data from multiple boards operated by the same company, it seems he had access to another leaked database containing tens of thousands of records from a website called NonNudeGirls.

The recent incident is not an isolated case, in September records belonging to 800,000 users of Brazzers porn website were leaked online.

While the stolen data relates to login details for the Brazzers forum rather than the main site, it is thought that many users have duplicated their passwords across both.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – ‘Upskirt’ porn website, hacking)