Security Experts Comments On Millions Of ‘Camgirl’ Site Users And Sex Workers Exposed

A number of popular “camgirl” sites have exposed millions of sex workers and users after the company running the sites left the back-end database unprotected. The sites, run by Barcelona-based VTS Media, include amateur.tvwebcampornoxxx.net, and placercams.com. Most of the sites’ users are based in Spain and Europe, but we found evidence of users across the world, including the United States. The database, containing months-worth of daily logs of the site activities, was left without a password for weeks. Those logs included detailed records of when users logged in — including usernames and sometimes their user-agents and IP addresses.

https://twitter.com/zackwhittaker/status/1190992807865061376

Experts Comments

April 11, 2020
Javier Quintero
Administrator
latinamazing
I think it is a very important flaw because user data was exposed. I always recommend sites like https://www.chatsexocam.com/en/ or livejasmin.com because they are managed by Duodecad IT Services which is a company with a great reputation in Europe and offers maximum protection to its users, as well as processing payments and handling of personal data
November 05, 2019
Hugo van Den Toorn
Manager, Offensive Security
Outpost24
Unprotected systems directly accessible over the Internet are never a good thing. In this case, it seems that the logs being centrally collected, which from a security perspective is a good thing. Were it not left unprotected. Whenever possible, systems should be placed on the internal/trusted network and only accessible by individual users through a VPN. By maintaining such approach, it is difficult to accidentally deploy a system that is accessible by anyone with access to the Internet. The.....Read More
Unprotected systems directly accessible over the Internet are never a good thing. In this case, it seems that the logs being centrally collected, which from a security perspective is a good thing. Were it not left unprotected. Whenever possible, systems should be placed on the internal/trusted network and only accessible by individual users through a VPN. By maintaining such approach, it is difficult to accidentally deploy a system that is accessible by anyone with access to the Internet. The big caveat with this breach is that this may leave the users vulnerable to sextortion attacks. If the users can be linked to an individual (for example when using the same email for username), adversaries could start targeting individuals in spear-phishing campaigns using real facts from this breach. For example, we knew you watched camgirl X on these dates. If you do not pay this information will be spread to friends/family/colleagues.  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.