A Bulgarian hacker has breached two online forums dedicated to sex workers and stolen their user databases, which he is now selling on a hacking forum.
The two forums are EscortForumIt.xxx and Hookers.nl -- serving sex workers and customers in Italy and the Netherlands, where prostitution is legal.
Both forums have confirmed the breaches this week.
vBulletin zero-day strikes again
Both were running outdated versions of the vBulletin forum software. The hacker told ZDNet this week in an email that he used a vBulletin zero-day (CVE-2019-16759) disclosed at the end of September to breach the two sites. By the time of the breaches the flaw was no longer a zero-day in the strict sense: vBulletin had shipped a fix within days of the public disclosure, and the two forums' outdated installs simply had not applied it.
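An added example, not from ZDNet or from either forum: a Python check that scans web-server access logs for the publicly documented exploitation pattern of CVE-2019-16759, the triage a forum administrator with an unpatched vBulletin 5.x install would want to run after this news. The log lines are constructed for the example; the two indicator strings (the `ajax/render/widget_php` route and the `widgetConfig[code]` parameter) are the request pattern from the public disclosure, which is an assumption about what attacker traffic looks like, not something the article reports about these two breaches.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines in Apache/nginx combined format, not taken
# from either forum. The first two carry the public CVE-2019-16759 request
# pattern; the other two are ordinary vBulletin traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Oct/2019:02:14:09 +0000] "POST /index.php?routestring=ajax/render/widget_php HTTP/1.1" 200 512 "-" "python-requests/2.22.0"
203.0.113.7 - - [01/Oct/2019:02:14:11 +0000] "GET /index.php?routestring=ajax%2Frender%2Fwidget_php&widgetConfig%5Bcode%5D=echo+1 HTTP/1.1" 200 318 "-" "python-requests/2.22.0"
198.51.100.2 - - [01/Oct/2019:02:15:40 +0000] "GET /forum/general-discussion HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
198.51.100.9 - - [01/Oct/2019:02:16:02 +0000] "POST /ajax/render/login HTTP/1.1" 200 210 "-" "Mozilla/5.0"
"""

# Combined log format: client, ident, user, [timestamp], "METHOD target PROTO", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Indicators are matched against the URL-decoded request target, so percent-
# encoded variants (%2F, %5B, %5D) are caught as well. Assumption: these are the
# public exploitation strings for CVE-2019-16759.
INDICATORS = {
    "widget_php route": re.compile(r"routestring=ajax/render/widget_php", re.I),
    "widgetConfig[code] parameter": re.compile(r"widgetConfig\[code\]", re.I),
}


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["decoded_path"] = unquote_plus(rec["path"])
    return rec


def scan_access_log(text):
    """Return one tuple per suspicious request:
    (line number, client IP, method, status code, list of matched indicator names)."""
    hits = []
    for n, line in enumerate(text.splitlines(), start=1):
        rec = parse_line(line)
        if rec is None:
            continue
        matched = [name for name, rx in INDICATORS.items() if rx.search(rec["decoded_path"])]
        if matched:
            hits.append((n, rec["ip"], rec["method"], int(rec["status"]), matched))
    return hits


def suspicious_clients(hits):
    """Distinct client IPs behind the hits, for pivoting into other log sources."""
    return sorted({h[1] for h in hits})


if __name__ == "__main__":
    found = scan_access_log(SAMPLE_LOG)
    for hit in found:
        print(hit)
    print("clients:", suspicious_clients(found))
```

Access logs record only the request line, so a POST-based exploit shows up as the `widget_php` route with no `widgetConfig[code]` parameter; that is why the route alone counts as a hit. A 200 response to such a request from an unauthenticated client is the signal to treat the host as compromised rather than merely probed.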
The hacker is now selling the data on a publicly available hacking forum. The stolen data includes usernames, email addresses, and password hashes from both forums: roughly 33,000 records from the Italian one and 300,000 from the Dutch one.
According to a sample of the data obtained by ZDNet, in the case of the Dutch forum, the hacker also appears to have gained access to the site's internal paid subscription system, although there was no financial information included in the sample we received.
The hacker, known as InstaKilla, is the same one who leaked the data of Bulgaria's National Revenue Agency (NRA) online in July. He was not responsible for the NRA hack itself, only for publishing the stolen data.
The hacker is selling the user data from these two forums alongside the user databases of more than 10 other vBulletin-based forums.
Blackmail cannon fodder
While the data is being sold privately for now, this type of information usually finds its way into the public domain at some point.
When that happens, users with accounts on the two adult-themed sites will be exposed to blackmail attempts. This is not a hypothetical scenario: extortion campaigns of this kind have followed earlier leaks, most notably the Ashley Madison data breach.