Jump to content
Search In
  • More options...
Find results that contain...
Find results in...

[Article] Adult site leaks sensitive data - Severe threat to thousands of people

Jimi Wikman

Recommended Posts

  • Owner

When personal information is exposed it is always bad, but when adult sites expose thousands of people personal information such as ID, nationality, home address, parents name, personal signature and even fingerprints (!), then that could lead to very bad things indeed. This is what was found on a S3 amazon bucket by the vpnMentor cybersecurity research team.

This leak has exposed the personal data and likeness of over 4,000 models among more than 875,000 files and has high-risk, real life implications for said models. Some are are old, others within the last weeks and the content is more than enough to steal someone's identity for identity theft.


There are at least 875,000 keys, which represent different file types, including videos, marketing materials, photographs, clips and screenshots of video chats, and zip files. Within each zip folder – and there is apparently one zip folder per model – there are often multiple additional files (e.g. photographs and scans of documents), and many additional items that we chose not to investigate.





Photographs and scans of full passports and national identification cards, including visible:

  • Full name
  • Birth date
  • Birthplace
  • Citizenship status
  • Nationality
  • Passport/ID number
  • Passport issue & expiration dates
  • Nationally registered gender
  • ID photo
  • Personal signature
  • Parent’s full names
  • Fingerprints
  • Additional country-specific details (e.g. emergency contact information for UK citizens)



The more severe implications however is that exposing information that can identify these models in detail is that it can lead to harassment or even life threatening situations.  Among the exposed models are LGBTQ people and with around 70 countries still consider this a criminal offense it could lead to prison sentences or even murder.

It took the company several days to respond to the communication from vpnMentor and the response is not exactly what I would expect from a company that just illegally exposed information on thousands of people in their employment.


Date discovered: January 3, 2020
Date company notified: January 4, 2020
Data Amazon notified: January 7, 2020
Date of reply from Company: January 7, 2020
Date of action: January 9, 2020

I sincerely hope that none of the people that had their information exposed come to any harm, emotionally or otherwise. I also hope that legal actions are taken towards this company for their negligence. Finally I hope this company hire someone to help them secure this kind of information so the people they employ can have their private data secured.

You can read the full post about this incident here.


View full article

Link to comment
Share on other sites

  • Replies 0
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Please sign in to comment

You will be able to leave a comment after signing in

Sign In Now

  • Create New...