Security researchers say a data breach on an adult website exposed the information of more than 1 million supposedly anonymous users.
A research team at vpnMentor revealed in a blog post on Monday that the adult site Luscious, which centers around animated imagery uploaded by users, left data on over 1.195 million accounts in an unsecured database.
Everything from usernames to personal email addresses was included in the breach, as well as activity logs and the gender and location of account holders.
The research team argues that while the database has since been secured, it’s entirely possible that hackers were able to access the information beforehand.
“The highly sensitive and private nature of Luscious’ content makes users incredibly vulnerable to a range of attacks and exploitation by malicious hackers,” vpnMentor states.
Some users even appeared to use their legal names as part of their emails, making them even more vulnerable to attack.
The accounts belonged to a wide range of users spanning from numerous continents, including “Europe, Asia, Australia, and the Americas.” Official government emails from countries like Australia, Brazil, Italy, and Malaysia were located as well.
“This adds a great deal of additional vulnerability not just to the users, but also their employers,” vpnMentor warns. “With access to employee email addresses, criminal hackers can target government agencies and departments in a number of ways.”
While there doesn’t seem to be any evidence that hackers accessed the database, vpnMentor says that users of the site should be mindful of any attacks such as doxing, extortion, and phishing. Competitors of Luscious could even use such data to entice users over to their services.
The research team says Luscious users should immediately change their username and the email they use for the site. Using a specific email address for adult websites is also advisable to avoid having your personal identity linked to your online activity.
READ MORE:
- These dating apps were found to be leaking users’ exact locations
- Startup secretly collected millions of Instagram users’ location data, stories
- Twitter bug shared some user’s location data without their consent
H/T ZDNet