X
Home & Office
Home Home & Office Networking Mobile Carriers

YouPorn debug file exposure hits a million users

The personal data of more than a million pornography connoisseurs has been exposed, after a pornographic chat site was found to be storing email address and passwords on a public-facing server.The breach was found at the YouPorn Chat (YP Chat) site, a third party service that is separate from YouPorn itself, but that was linked to from that site.
Written by David Meyer, Contributor

The personal data of more than a million pornography connoisseurs has been exposed, after a pornographic chat site was found to be storing email address and passwords on a public-facing server.

The breach was found at the YouPorn Chat (YP Chat) site, a third party service that is separate from YouPorn itself, but that was linked to from that site.

It appears that the information was being stored in a debug log file with a publicly accessible URL, according to security expert Anders Nilsson of the Swedish firm EuroSecure. Nilsson noted that, judging from the contents of the log file, it had been publicly accessible since around November 2007, and had been showing new registration data ever since then.

"For a security professional it is baffling how coders working on a website with such sensitive content can make mistakes of this magnitude," Nilsson wrote in a blog post on Wednesday. "Allegedly hundreds of megabytes of data has been secured by people with unknown goals. Cyber criminals can easily go through these e-mail addresses and match them with passwords and this way gain access to e-mail accounts."

According to the security expert, the debug log file was found on Tuesday, probably by "someone sweeping websites for publicly accessible, but hidden folders".

Nilsson added that, once criminals are in people's accounts, they can "secure even more sensitive information to use in phishing attacks, theft, or fraud". He suggested that hackers were already going through the lists, correlating email addresses with Facebook and email accounts and trying the listed YP Chat passwords — with some success.

"Hackers… have posted some intimate pictures found in some users' sent/received email," Nilsson wrote.

Nilsson pointed out that many people still use the same passwords for most or all the services they use online, making it easier for miscreants to make use of information such as that taken from the YP Chat site.

As an aid to demonstrating how weak passwords can be, Nilsson also posted a series of statistics showing the most commonly chosen character sequences.

Editorial standards
Show Comments

Related

logi-ai-prompt-builder-mx-setup

Logitech mouse and keyboard users are getting a free AI upgrade

Linus Torvalds and Dirk Hohndel, Open Source Summit North America 2024

Linus Torvalds takes on evil developers, hardware errors and 'hilarious' AI hype

Placeholder product image alt text

The best AI image generators to try right now