3.8M Porn Users Compromised in Naughty America Hack

Written by

Stolen databases containing emails and passwords of 3.8 million porn users have supposedly turned up on the Dark Web—the latest in a string of adult-themed heists.

A hacker advertising the info on the underground The Real Deal site claims to have taken the database from the owner of the Naughty America porno production house, as well as from affiliated groups like gay porn site Suite703 and related forums. The info is up for sale for just $300.

The low price tag could be due to the fact that the account passwords were protected with bcrypt, a strong cryptographic algorithm—and also, some of the data could be old.

As for its authenticity, that’s a matter of some debate. Security researcher Troy Hunt checked the data with subscribers to his HaveIBeenPwned service, and received at least one user confirmation. The person had signed up for a three-day trial for a Naughty America account before cancelling.

Forbes carried out its own investigation. “Forbes was unable to independently verify the figures, though the data dealer, going by the name of Peace, passed on additional databases containing more than the small sample provided on the market,” the outlet said. “Four of more than 30 individuals included in the leaks responded to Forbes’ attempts at contact, saying they had used Naughty America or Suite703 and planned to change their passwords. Two said they had cancelled their subscriptions more than a year ago. Naughty America’s privacy policy does not state the company will delete user information once an account is terminated.”

Several recent data breaches have hit adult sites of late, including the lifting of 237,000 user account details from porn site TeamSkeet. That went up for sale on a dark web forum for just $400. And in February, the dating website Mate1 saw 27+ million user account credentials, including plaintext passwords, turn up on the dark web forum known as Hell.

According to Hunt, the Mate1 data breach included “deeply sensitive” information such as drug use, income levels and sexual fetishes.

Then of course there was the infamous hack of 37 million records for customers of Ashley Madison, the online “dating” website for married people looking to have an affair. The information includes "all the customers' secret sexual fantasies and matching credit card transactions,” the perpetrators said. The hackers, who call themselves The Impact Team, said they plan to release real names, profiles, nude photos, credit card details and fantasy information unless their demands were met.

Photo © Sergey Nivens

What’s hot on Infosecurity Magazine?