SECURITY
SECURITY
SECURITY
1.2M account details exposed on adult content site Luscious
An website for sharing adult content has exposed the details of nearly 1.2 million users on an unsecured Elasticsearch database.
Discovered recently by security researchers at vpnMentor, the site goes by the name of Lucious and shares user-uploaded content, including hentai, or Japanese anime or manga pornography. A mix of a forum and image hosting site along the lines of Imgur complete with commenting and shares, the site is surprisingly popular, with an Alexa global rank of 5,041.
Users on the site had only their usernames exposed to others, but their personal details are gathered when they register and those details were found in the database: usernames, personal email addresses, locations, activity logs, genders and in some cases full names.
In addition, the database also included user activity such as video and image album uploads, likes, comments, userIDs, followers and blog posts, all of which could be linked back to actual real-world identities.
“Some of these blog posts were extremely personal – including depressive or otherwise vulnerable content – and kept anonymous,” the researchers wrote. “Due to this data breach, however, the blog posts are no longer anonymous, with many of the authors’ identities revealed.”
An estimated 20 percent of accounts used throw-away addresses, but the others did not, with users using email addresses that often included their actual names. In some cases, the emails addresses were government-issued as well.
The researchers noted that the data breach could have devastating effects on users given they be could be easily outed as users of a porn site with fetish features. The data also exposes users of the site to hackers and other malicious actors as well, who could potentially use the data to hack or even blackmail users of the site.
“Once a Luscious user’s identity is compromised, they can be targeted for more than just bullying,” the researchers write. “Hackers could threaten to expose users unless they pay a ransom. Given the sensitive nature of this data breach, victims are incredibly vulnerable and likely to pay.”
Although the Lucious data breach is not nearly as big, there is precedent when it comes to sensitive information being used to blackmail people, such as when data was stolen from cheating hookup site Ashley Madison in 2015.
It remains unknown whether the database was accessed by malicious actors, but it has now been secured.
Image: Wikimedia Commons
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
