2 min read

CAM4 Data Leak Exposes Personal Data of Millions of Users

Alina BÎZGĂ

May 05, 2020

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
CAM4 Data Leak Exposes Personal Data of Millions of Users

The digital world is once again tainted by a highly sensitive data leak that puts millions of users at risk of blackmail attempts, identity theft and fraud.

A team of security researchers led by Anurag Sen recently uncovered a leaky database from CAM4, a popular live-streaming adult website. Housed on a misconfigured Elasticsearch server, the unsecure database exposed around 7TB of personal information from platform users and members.

You can also check if your private data has been exposed online! Use Bitdefender”s Digital Identity Protection tool to see where you stand at the moment and what the internet knows about you.

Among the cluster of 10 billion records, the analysists discovered information of CAM4 users, including:

• First and last names
• Email addresses and password hashes
• Country of origin and sign-up dates
• Gender preference and sexual orientation
• Device information
• Miscellaneous user details such as spoken language
• Usernames and user conversations
• Payments logs including credit card type, amount paid and applicable currency
• Transcripts of email correspondence
• Inter-user conversations
• Chat transcripts between users and CAM4
• Token information
• IP addresses
• Fraud and Spam detection logs

After rounding up the personal information, the team was able to pinpoint 11 million records containing emails, 26.3 million containing passwords hashes, and less than 1,000 revealing full names, credit card types and amounts paid to view explicit content on the website.

“US, Brazilian and Italian users were the most heavily affected although the precise number of email records is difficult to gauge accurately due to multiple entries being duplicated,” said researchers.

“The fact that a large amount of email content came from popular domains such as Gmail, Hotmail and iCloud — domains that offer supplementary services such as cloud-storage and business tools — means that compromised CAM4 users could potentially see huge volumes of personal data including photographs, videos and related business information leaked to hackers — assuming their accounts were eventually hacked via phishing as one example,” they later added.

Although the database was immediately taken down by parent company Granity Entertainment, the logs date back to March 16, and cybercriminals could have already scraped the information.

Moreover, let”s not forget the Ashley Madison data breach scandal – victims are still being targeted with blackmail and sextortion campaigns 5 years after the incident.

Given the sensitive nature of the exposed info, the aftermath of the recent data leak could have serious consequences, leaving CAM4 members vulnerable to targeted attacks and phishing emails. On top of any financial losses that may occur, victims can suffer damaging psychological effects, following multiple blackmail attempts or defamation.

tags


Author



Right now

Top posts

What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

June 22, 2022

1 min read
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

May 24, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Marketing lists for crypto customers stolen in data breach at marketing platform Klaviyo Marketing lists for crypto customers stolen in data breach at marketing platform Klaviyo
Alina BÎZGĂ

August 09, 2022

2 min read
What is medical identity theft and how to protect against it What is medical identity theft and how to protect against it
Alina BÎZGĂ

July 27, 2022

2 min read
SSNs, drivers’ licenses and government IDs exposed in Oklahoma City Housing Authority data breach SSNs, drivers’ licenses and government IDs exposed in Oklahoma City Housing Authority data breach
Alina BÎZGĂ

July 26, 2022

1 min read