Hackers are reported to be selling 380,000 hacked xHamster account details
\
If you can’t trust a porn site to keep
your personal details safe, then who can you trust? Yes, it seems that yet
another adult entertainment company has leaked its members’ information all
over the web. Two months ago it was Brazzers; now it's claimed that xHamster
has been caught with its virtual pants down.
According to a
report by Motherboard,
breach notification site LeakBase has revealed that 380,000 users were
affected by the hack, which has resulted in credentials, including usernames,
email addresses, and “poorly hashed” passwords, being traded on the digital
underground.
xHamster doesn’t
require viewers to create accounts, but those who do can post comments, create
personal collections, and upload their own videos. While that 380,000 figure does
sound like a lot, the site claims to have 12 million members.
The report adds
that 40 of the email addresses in the database belong to the US Army, and 30
are related to various US, UK, and other countries’ government bodies.
It’s not clear
exactly when the breach took place, but the information was being traded at
around the same time an anonymous hacker found a vulnerability in xHamster
earlier this year. Exactly how the hacker or hackers got all the details is
unclear.
“The passwords
of all xHamster users are properly encrypted, so it is almost impossible to
hack them. Thus, all the passwords are safe and the users data secured,” a
spokesperson for the company said. However, Motherboard says the site uses the
outdated MD5 hashing algorithm, which hackers can easily crack.
Responding to
the Motherboard report, xHamster claims no hack took place. "The only way
to respond to this news is to coin a new term: 'Fhack.' A fhack is best defined
as a fake hack. There was a failed attempt to hack our database which occurred
4 years ago. The integrity of our user data is secure. Passwords are encrypted
and impossible to hack. In short, this was a successful fhack; and a failed
hack."
When asked how
xHamster's user emails found their way into the hands of data traders, the site
said: "We cannot validate that the emails are real and we don't believe
that this is a genuine database." Strangely, Motherboard said it has
independently verified the leaked email addresses and usernames.
No comments: