With ever-increasing digitization and people living a digital life on the web, cyber-security has become a pressing concern for all of us and yet we are failing at it more than ever.
In another huge data breach, this time involving the wildly popular porn website Brazzers, user data compromised in a hack that actually took place in 2012 has now been leaked on the dark web.
The attack was originally aimed at the Brazzers discussion forum, a companion forum for the website. However, since the forum and the website shared user account information, account details of even those who never signed up for the forum are potentially at risk.
This hack has reportedly compromised the data of over 800,000 user accounts.
It was first spotted by the data breach-monitoring site vigilante.pw, which passed the information to the Motherboard website for verification. As per the website, hackers were able to get hold of about 790,724 unique email addresses, as well as usernames and passwords stored in plain text. Although the breach consisted of over 900,000 entries in all, Motherboard reports that many of them were duplicates.
“This matches an incident which occurred in 2012 with our ‘Brazzersforum,’ which was managed by a third party. The incident occurred because of a vulnerability in the said third party software, the ‘vBulletin’ software, and not Brazzers itself,” said Matt Stevens, public relations manager of Brazzers.
The website quickly turned to remedial measures and shut down the forum as soon as news that the user data was available hit the interwebs. The forum was taken down for maintenance and hasn’t gone live since. The company might currently be working on sending out password reset (and two-factor authentication) requests to its behemoth userbase.
“Brazzers takes the privacy and safety of its users very seriously. Users’ accounts were shared between Brazzers and the ‘Brazzersforum’ which was created for user convenience. That resulted in a small portion of our user accounts being exposed and we took corrective measures in the days following this incident to protect our users. We banned all non-active accounts in that list in case those usernames and passwords are re-used in the future,” added Stevens.