Security Experts Comments On Millions Of ‘Camgirl’ Site Users And Sex Workers Exposed

A number of popular “camgirl” sites have exposed millions of sex workers and users after the company running the sites left the back-end database unprotected. The sites, run by Barcelona-based VTS Media, include amateur.tvwebcampornoxxx.net, and placercams.com. Most of the sites’ users are based in Spain and Europe, but we found evidence of users across the world, including the United States. The database, containing months-worth of daily logs of the site activities, was left without a password for weeks. Those logs included detailed records of when users logged in — including usernames and sometimes their user-agents and IP addresses.

https://twitter.com/zackwhittaker/status/1190992807865061376

Subscribe
Notify of
guest

2 Expert Comments
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Javier Quintero
Javier Quintero , Administrator
InfoSec Expert
April 11, 2020 2:10 am

I think it is a very important flaw because user data was exposed. I always recommend sites like https://www.chatsexocam.com/en/ or livejasmin.com because they are managed by Duodecad IT Services which is a company with a great reputation in Europe and offers maximum protection to its users, as well as processing payments and handling of personal data

Last edited 2 years ago by Javier Quintero
Hugo van Den Toorn
Hugo van Den Toorn , Manager, Offensive Security
InfoSec Expert
November 5, 2019 7:52 pm

Unprotected systems directly accessible over the Internet are never a good thing. In this case, it seems that the logs being centrally collected, which from a security perspective is a good thing. Were it not left unprotected. Whenever possible, systems should be placed on the internal/trusted network and only accessible by individual users through a VPN. By maintaining such approach, it is difficult to accidentally deploy a system that is accessible by anyone with access to the Internet.

The big caveat with this breach is that this may leave the users vulnerable to sextortion attacks. If the users can be linked to an individual (for example when using the same email for username), adversaries could start targeting individuals in spear-phishing campaigns using real facts from this breach. For example, we knew you watched camgirl X on these dates. If you do not pay this information will be spread to friends/family/colleagues.

Last edited 2 years ago by Hugo van Den Toorn
Information Security Buzz
2
0
Would love your thoughts, please comment.x
()
x