
Adult Cam Site CAM4 Exposed 10.88 Billion Records Online

by technewshero
May 6, 2020
in Security

It’s all too common for companies to leave databases chock full of sensitive information exposed to the great wide internet. But when that company operates an adult livestreaming service, and that data comprises 7 terabytes of names, sexual orientations, payment logs, and email and chat transcripts—across 10.88 billion records in all—the stakes are a bit higher.

The site is CAM4, a popular adult platform that advertises “free live sex cams.” As part of a search on the Shodan engine for unsecured databases, security review site Safety Detectives found that CAM4 had misconfigured an Elasticsearch production database so that it was easy to find and view heaps of personally identifiable information, as well as corporate details like fraud and spam detection logs.

“Leaving their production server publicly exposed without any password,” says Safety Detectives researcher Anurag Sen, whose team discovered the leak, “it’s really dangerous to the users and to the company.”

The Hack

First of all, very important distinction here: There’s no evidence that CAM4 was hacked, or that the database was accessed by malicious actors. That doesn’t mean it wasn’t, but this is not an Ashley Madison–style meltdown. It’s the difference between leaving the bank vault door wide open (bad) and robbers actually stealing the money (much worse).

The mistake CAM4 made is also not unique. Elasticsearch server goofs have been the cause of countless high-profile data leaks. What typically happens: The servers are intended for internal use only, but someone makes a configuration error that leaves them online with no password protection. “It’s a really common experience for me to see a lot of exposed ElasticSearch instances,” says security consultant Bob Diachenko, who has a long history of finding exposed databases. “The only surprise that came out of this is the data that is exposed this time.”
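
The configuration error described above can be checked for before a server goes live. The following is an added example, not code from the original article or from CAM4's systems: a Python check that flags an `elasticsearch.yml` whose REST API binds to a non-loopback address while authentication is off. The sample configs are constructed, and a missing `xpack.security.enabled` is treated as disabled, which was the default before Elasticsearch 8.0.

```python
import ipaddress

# Constructed samples, not CAM4's configuration.
WEAK = """\
cluster.name: prod-logs
network.host: 0.0.0.0   # listens on every interface
"""
HARDENED = """\
network.host: 10.0.4.12
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
"""

def parse_flat_yaml(text):
    # Handles the flat 'dotted.key: value' lines used in elasticsearch.yml.
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" in line:
            key, value = line.split(":", 1)
            settings[key.strip()] = value.strip().strip("\"'")
    return settings

def is_loopback_only(value):
    # True if every listed bind address is loopback (_local_, localhost, 127.x, ::1).
    for host in value.strip("[]").split(","):
        host = host.strip().strip("\"'")
        if host in ("", "_local_", "localhost"):
            continue
        try:
            if ipaddress.ip_address(host).is_loopback:
                continue
        except ValueError:
            pass  # special values such as _site_, or hostnames: assume reachable
        return False
    return True

def audit(text):
    s = parse_flat_yaml(text)
    # http.host overrides network.host for the REST API; the default is loopback.
    bind = s.get("http.host", s.get("network.host", "_local_"))
    if is_loopback_only(bind):
        return []
    # Assumption: a missing setting means disabled (the default before 8.0).
    auth = s.get("xpack.security.enabled", "false").lower() == "true"
    tls = s.get("xpack.security.http.ssl.enabled", "false").lower() == "true"
    if not auth:
        return [f"CRITICAL: REST API bound to {bind} with authentication disabled"]
    if not tls:
        return [f"WARN: REST API bound to {bind} without TLS on the HTTP layer"]
    return []
```

A clean result only covers the node's own settings; whether a firewall or security group also limits who can reach port 9200 has to be verified separately.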

And there’s the rub. The list of data that CAM4 leaked is alarmingly comprehensive. The production logs Safety Detectives found date back to March 16 of this year; in addition to the categories of information mentioned above, they also included country of origin, sign-up dates, device information, language preferences, user names, hashed passwords, and email correspondence between users and the company.

Out of the 10.88 billion records the researchers found, 11 million contained email addresses, while another 26,392,701 had password hashes for both CAM4 users and website systems. A few hundred of the entries included full names, credit card types, and payment amounts. A message from WIRED sent to a CAM4 online portal went unanswered.

Who’s Affected?

It’s hard to say exactly, but the Safety Detectives analysis suggests that roughly 6.6 million US users of CAM4 were part of the leak, along with 5.4 million in Brazil, 4.9 million in Italy, and 4.2 million in France. It’s unclear to what extent the leak impacted both performers and customers.


Again, there’s no indication that bad actors tapped into all those terabytes of data. And Sen says that CAM4’s parent company, Granity Entertainment, took the problematic server offline within a half hour of being contacted by the researchers. That doesn’t excuse the initial error, but at least the response was swift.

Moreover, despite the sensitive nature of the site and the data involved, it was actually fairly difficult to connect specific pieces of information to real names. “You really have to dig into the logs to find tokens or anything that would connect you to the real person or anything that would reveal his or her identity,” says Diachenko. “It should not have been exposed online, of course, but I would say it’s not the scariest thing that I’ve seen.”

How Bad Is It?

Which is not to say that everything’s totally fine. If anyone were to have done that digging, they could have found out enough about a person—including sexual preferences—to potentially blackmail them. On a more mundane level, CAM4 users who reuse their passwords would be at immediate risk for credential stuffing attacks, potentially exposing any accounts where they don’t use strong, unique credentials.

Or consider the inverse: If you have the email address of a CAM4 user, Sen says, there’s a decent chance you can find an associated password from a previous data breach, and break into their account.

The data in the leak could have potentially put CAM4 at risk, as well; privileged fraud and spam detection information would have given potential attackers a road map for how to get around those defenses.

Data leaks happen. They’re not as bad as breaches, but with information this sensitive, the onus is on companies to take every precaution to protect it—not the bare minimum.

