Led by Noam Rotem and Ran Locar, vpnMentor's research team discovered a data breach in adult site Luscious.
Luscious is a niche pornographic image site focused primarily on animated, user-uploaded content.
Private profiles allow users to upload, share, comment on, and discuss content on Luscious.
All of this is understandably done while keeping their identity hidden behind usernames.
All of these were compromised, revealing personal details of users with potentially devastating consequences.
Our team was also able to view details of blog posts and content published on Luscious.
This included the author's details, along with the number of likes, when published, category, etc.
Some of these blog posts were extremely personal - including depressive or otherwise vulnerable content - and kept anonymous.
The 1 million+ users affected are located around the world, with their locations also revealed in the breach.
Its exposure could be ruinous for a victim's relationships and personal lives.
Given the nature of the content on Luscious, the effects of such a campaign could be devastating.
If you have revealed your location on Luscious, remove this detail from your profile.
You could also change your location using a VPN.
Every identified weak spot is meticulously examined for potential data leakage.
If possible, we will also alert those affected by the breach.
Our team was able to access this database because it was completely unsecured and unencrypted.
The company uses an Elasticsearch database, which is ordinarily not designed for URL use.
The purpose of this web mapping project is to help make the internet safer for all users.
As ethical hackers, we're obliged to inform a company when we discover flaws in their online security.
This is especially true when the company's data breach contains such private information.
[Publication date: 19.08.2019]