Unsecure Server Exposed 200 Million Records of Adult Webcam Models and Users Online
On Nov. 5, security researchers at Comparitech led by Bob Diachenko, discovered several unsecured databases exposing over 200 million records belonging to users and models of adult webcam platform Stripchat.
Sensitive data exposed
The leaked data belonging to the Cypriot-based webcam platform includes information on models and viewers alike, including:
- User/viewer database of approximately 65 million records revealing user email addresses, usernames, IP addresses, internet service provider, tip balance, timestamp of account creation, timestamp of last activity and blocked status.
- Model database of 412,000 records revealing usernames, gender, studio ID, live status, tip menus, prices and strip score.
- Transaction database of approximately 134 million records containing information about tokens and tips and private tips paid by users to cam models.
- Moderation database of 719,000 public and private chat messages containing the ID of users who sent the messages.
What is at risk
Although Stripchat managed to secure the database on Nov. 7, it’s not clear if any malicious actors were able to access and exfiltrate the data before then.
“Through ongoing monitoring of our security controls, our technical team detected a temporary data breach during a routine configuration of our servers,” Stripchat said in a statement last Friday. “Our team immediately took action to resolve the issue and secure our systems. The servers and data are now secure and we are currently investigating to what extent users of the site might have been affected.”
However, the sensitive nature of the exposed info puts both webcam models and users at risk of online and offline attacks.
“IP addresses, which can be used to approximate someone’s location, are particularly worrying,” Diachenko said. “They could enable someone to find and stalk, harass, or even assault someone in the database. Aside from physical violence, the identifying information could be used to extort, bully, or humiliate victims who thought their online activities were private.”
On a more positive note, Stripchat’s data breach notification says the company is “confident that passwords, payment details and account verification documents were not accessed.” Stripchat said it will continue to investigate the circumstances around the breach and keep users and models informed.
Despite a lack of evidence of any nefarious actions from threat actors, victims are advised to watch out for any phishing emails posing as Stripchat correspondence and use caution when accessing links or attachments.
Data breaches and leaks are daily occurrences. With Bitdefender Digital Identity Protection you can take control and minimize your digital footprint by continuously monitoring for data breaches and social media impersonators. Digital footprint monitoring only uses information provided (email address and phone number) when signing up to the service. The dedicated tool helps find your private information online in legal and illegal collections of data, and helps you stay on top of new breaches and privacy threats with instant alerts and monitoring.
The Holiday Guide to Tech Support: Fixing the Family Computer
November 24, 2021
Bitdefender Celebrates 20 Years of Cybersecurity Leadership
November 04, 2021
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords
October 26, 2021
What are drive-by download attacks and how do you prevent them?
October 25, 2021
Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks
October 22, 2021
Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals
October 20, 2021