The popular adult cam site StripChat has suffered a security breach that resulted in the leak of the personal data of millions of users and adult models.
The security breach was discovered by the data breach hunter Bob Diachenko, the expert discovered an ElasticSearch database cluster that was accessible online without authentication. Diachenko discovered the cluster on November 5t, but the database was indexed by search engines on November 4.
“The exposed database makes multiple references to Stripchat and consists of nearly 200 million records. Exposed data includes email addresses, usernames, and IP addresses, among other info, seemingly about the site’s users and models.” wrote Diachenko.
The expert pointed out that the exposure could pose a significant privacy risk for Stripchat viewers and models. Threat actors could use such kinds of data to blackmail in sextortion schemes or to target them in a phishing attack.
“The exposure could be a digital and physical threat for both Stripchat viewers and models. IP addresses, which can be used to approximate someone’s location, are particularly worrying. They could enable someone to find and stalk, harass, or even assault someone in the database,” Diachenko added. “Aside from physical violence, the identifying information could be used to extort, bully, or humiliate victims who thought their online activities were private.”
Diachenko attempted to contact the company multiple times via email and Twitter, but without success. The researcher noticed that the adult site secured its database a few days later.
Below is the detailed list of exposed records:
At the time of this writing, StripChat has yet to disclose the security breach.
(SecurityAffairs – hacking, StripChat)