Unsecure Server Exposed 200 Million Records of Adult Webcam Models and Users Online
On Nov. 5, security researchers at Comparitech led by Bob Diachenko, discovered several unsecured databases exposing over 200 million records belonging to users and models of adult webcam platform Stripchat.
Sensitive data exposed
The leaked data belonging to the Cypriot-based webcam platform includes information on models and viewers alike, including:
- User/viewer database of approximately 65 million records revealing user email addresses, usernames, IP addresses, internet service provider, tip balance, timestamp of account creation, timestamp of last activity and blocked status.
- Model database of 412,000 records revealing usernames, gender, studio ID, live status, tip menus, prices and strip score.
- Transaction database of approximately 134 million records containing information about tokens and tips and private tips paid by users to cam models.
- Moderation database of 719,000 public and private chat messages containing the ID of users who sent the messages.
What is at risk
Although Stripchat managed to secure the database on Nov. 7, it’s not clear if any malicious actors were able to access and exfiltrate the data before then.
“Through ongoing monitoring of our security controls, our technical team detected a temporary data breach during a routine configuration of our servers,” Stripchat said in a statement last Friday. “Our team immediately took action to resolve the issue and secure our systems. The servers and data are now secure and we are currently investigating to what extent users of the site might have been affected.”
However, the sensitive nature of the exposed info puts both webcam models and users at risk of online and offline attacks.
“IP addresses, which can be used to approximate someone’s location, are particularly worrying,” Diachenko said. “They could enable someone to find and stalk, harass, or even assault someone in the database. Aside from physical violence, the identifying information could be used to extort, bully, or humiliate victims who thought their online activities were private.”
On a more positive note, Stripchat’s data breach notification says the company is “confident that passwords, payment details and account verification documents were not accessed.” Stripchat said it will continue to investigate the circumstances around the breach and keep users and models informed.
Despite a lack of evidence of any nefarious actions from threat actors, victims are advised to watch out for any phishing emails posing as Stripchat correspondence and use caution when accessing links or attachments.
Data breaches and leaks are daily occurrences. With Bitdefender Digital Identity Protection you can take control and minimize your digital footprint by continuously monitoring for data breaches and social media impersonators. Digital footprint monitoring only uses information provided (email address and phone number) when signing up to the service. The dedicated tool helps find your private information online in legal and illegal collections of data, and helps you stay on top of new breaches and privacy threats with instant alerts and monitoring.
How to monitor your online privacy during your Thanksgiving trip
November 22, 2022
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info
November 16, 2022
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be
November 14, 2022
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War
August 31, 2022
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor
August 30, 2022
What is medical identity theft and how to protect against it
July 27, 2022