Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
  • Jimi Wikman
    Jimi Wikman

    Adult site leaks sensitive data - Severe threat to thousands of people

    When personal information is exposed it is always bad, but when adult sites expose thousands of people personal information such as ID, nationality, home address, parents name, personal signature and even fingerprints (!), then that could lead to very bad things indeed. This is what was found on a S3 amazon bucket by the vpnMentor cybersecurity research team.

    This leak has exposed the personal data and likeness of over 4,000 models among more than 875,000 files and has high-risk, real life implications for said models. Some are are old, others within the last weeks and the content is more than enough to steal someone's identity for identity theft.

    Quote

    There are at least 875,000 keys, which represent different file types, including videos, marketing materials, photographs, clips and screenshots of video chats, and zip files. Within each zip folder – and there is apparently one zip folder per model – there are often multiple additional files (e.g. photographs and scans of documents), and many additional items that we chose not to investigate.

     

     

    Quote

     

    Photographs and scans of full passports and national identification cards, including visible:

    • Full name
    • Birth date
    • Birthplace
    • Citizenship status
    • Nationality
    • Passport/ID number
    • Passport issue & expiration dates
    • Nationally registered gender
    • ID photo
    • Personal signature
    • Parent’s full names
    • Fingerprints
    • Additional country-specific details (e.g. emergency contact information for UK citizens)

     

     

    The more severe implications however is that exposing information that can identify these models in detail is that it can lead to harassment or even life threatening situations.  Among the exposed models are LGBTQ people and with around 70 countries still consider this a criminal offense it could lead to prison sentences or even murder.

    It took the company several days to respond to the communication from vpnMentor and the response is not exactly what I would expect from a company that just illegally exposed information on thousands of people in their employment.

    Quote

    Date discovered: January 3, 2020
    Date company notified: January 4, 2020
    Data Amazon notified: January 7, 2020
    Date of reply from Company: January 7, 2020
    Date of action: January 9, 2020

    I sincerely hope that none of the people that had their information exposed come to any harm, emotionally or otherwise. I also hope that legal actions are taken towards this company for their negligence. Finally I hope this company hire someone to help them secure this kind of information so the people they employ can have their private data secured.

    You can read the full post about this incident here.

     

    Edited by Jimi Wikman


    • Angry 1


    User Feedback

    Recommended Comments



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Similar Content

    • By ©Jimi Wikman
      BitNinja is an all in one server security tool mixing the most powerful defense techniques. It is super-easy to install, requires virtually no maintenance. It is able to protect against 99% of automated attacks - like XSS, DDoS, malware, scans, script injection, CMS hacks, enumeration, brute force, etc.
      Servers protected by BitNinja learn from each attack and inform each other about malicious IPs.
      This result is a global defense network that counteracts botnet attacks with a shield of protection for all servers running BitNinja, while also reducing the number of false positives each server encounters
       

      View full record
    • By ©Jimi Wikman
      BitNinja is an all in one server security tool mixing the most powerful defence techniques. It is super-easy to install, requires virtually no maintenance. It is able to protect against 99% of automated attacks - like XSS, DDoS, malware, scans, script injection, CMS hacks, enumeration, brute force, etc.
      Servers protected by BitNinja learn from each attack and inform each other about malicious IPs.
      This result is a global defense network that counteracts botnet attacks with a shield of protection for all servers running BitNinja, while also reducing the number of false positives each server encounters
×
×
  • Create New...