YouPorn breach – hackers get away with 6,400 user names/passwords

23 Feb 2012

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

YouPorn, which is one of the top 100 most-visited websites in the world, has been attacked by hackers who exposed the user names and passwords of some 6,400 users.

It is understood that a third-party chat service caused the breach.

YouPorn has acknowledged the breach, shut down the affected server and has notified its users.

The list of user names and passwords is circulating on the web.

"YouPorn continues to ensure that all appropriate measures and tools are in place to maintain the security of its infrastructure, and to safeguard the privacy of its users," YouPorn’s parent company Luxembourg-based Manwin said in a statement.

According to Alexa, YouPorn is one of the 100 most-visited websites in the world.

Anders Nilsson, CTO of security researcher firm EuroSecure, said it appears a careless programmer accidentally left debut logging onto a publicly accessible URL as early as November 2007 and it has been storing all registrations ever since.

“The exposed information contains e-mail addresses and passwords," Nilsson said in his blog.

“This information can be used to identify porn consumers, but for some users more than a reputation is at stake.

“It is common knowledge that even today a surprisingly large portion of internet users use the same passwords for many (or all) of the services they use on the internet, whether it is e-mail accounts, Facebook, PayPal or other services.

“For a security professional it is baffling how coders working on a website with such sensitive content can make mistakes of this magnitude. Allegedly hundreds of megabytes of data has been secured by people with unknown goals.

“Cyber criminals can easily go through these email addresses and match them with passwords and this way gain access to e-mail accounts. Once they are in, they can secure even more sensitive information to use in phishing attacks, theft or fraud," Nilsson said.

66

DAYS

4

HOURS

26

MINUTES

Buy your tickets now!

Editor John Kennedy is an award-winning technology journalist.

editorial@siliconrepublic.com