A number of popular “camgirl” sites have exposed millions of sex workers and users after the company running the sites left the back-end database unprotected. The sites, run by Barcelona-based VTS Media, include amateur.tv, webcampornoxxx.net, and placercams.com. Most of the sites’ users are based in Spain and Europe, but we found evidence of users across the world, including the United States. The database, containing months-worth of daily logs of the site activities, was left without a password for weeks. Those logs included detailed records of when users logged in — including usernames and sometimes their user-agents and IP addresses.
https://twitter.com/zackwhittaker/status/1190992807865061376
I think it is a very important flaw because user data was exposed. I always recommend sites like https://www.chatsexocam.com/en/ or livejasmin.com because they are managed by Duodecad IT Services which is a company with a great reputation in Europe and offers maximum protection to its users, as well as processing payments and handling of personal data
Unprotected systems directly accessible over the Internet are never a good thing. In this case, it seems that the logs being centrally collected, which from a security perspective is a good thing. Were it not left unprotected. Whenever possible, systems should be placed on the internal/trusted network and only accessible by individual users through a VPN. By maintaining such approach, it is difficult to accidentally deploy a system that is accessible by anyone with access to the Internet.
The big caveat with this breach is that this may leave the users vulnerable to sextortion attacks. If the users can be linked to an individual (for example when using the same email for username), adversaries could start targeting individuals in spear-phishing campaigns using real facts from this breach. For example, we knew you watched camgirl X on these dates. If you do not pay this information will be spread to friends/family/colleagues.