YouPorn users exposed through configuration flaw
Sophos reports that the access data for thousands of users of the YouPorn adult video web site has leaked onto the net. According to Alexa, YouPorn is one of the one hundred most frequently visited web sites worldwide.
Apparently, over 5,000 email addresses and passwords were listed in log files that have been created since 2007. Because of a configuration error, the directory was accessible to internet users without authorisation. Although the vulnerability has been fixed, copies of the log files are already being circulated on anonymous text hosting services such as Pastebin.
This could cause problems for the affected users in two ways: not only might their use of such sites be exposed, but their passwords were also released unhashed and in plain text, which potentially affects other accounts for which they may have used the same passwords. One of the most common security errors that people make is to use the same login username and password for multiple sites. If any one such site is compromised – as this one has been – and personal data is obtained by hackers, they can then try to use the acquired data on other commonly used sites such as Facebook and webmail sites.
Meanwhile, YouPorn has attempted to clarify the situation, explaining that only YouPorn chat users have been affected by the incident. The chat feature is run by an undisclosed company that is not directly associated with YouPorn. YouPorn has since removed the chat feature from its web site.
Only a week ago, a Moroccan hacker claimed that he stole 350,000 user data records from the Brazzers porn site. YouPorn and Brazzers are both operated by a company called Manwin. Yesterday (Wednesday), it was revealed that several hundred thousand data records of customers and affiliates of the videosz.com porn video portal were freely accessible on the internet.