Security Experts Comments On Millions Of ‘Camgirl’ Site Users And Sex Workers Exposed

A number of popular “camgirl” sites have exposed millions of sex workers and users after the company running the sites left the back-end database unprotected. The sites, run by Barcelona-based VTS Media, include amateur.tvwebcampornoxxx.net, and placercams.com. Most of the sites’ users are based in Spain and Europe, but we found evidence of users across the world, including the United States. The database, containing months-worth of daily logs of the site activities, was left without a password for weeks. Those logs included detailed records of when users logged in — including usernames and sometimes their user-agents and IP addresses.


EXPERTS COMMENTS
Hugo van den Toorn, Manager, Offensive Security,  Outpost24
November 05, 2019
The big caveat with this breach is that this may leave the users vulnerable to sextortion attacks.
Unprotected systems directly accessible over the Internet are never a good thing. In this case, it seems that the logs being centrally collected, which from a security perspective is a good thing. Were it not left unprotected. Whenever possible, systems should be placed on the internal/trusted network and only accessible by individual users through a VPN. By maintaining such approach, it is difficult to accidentally deploy a system that is accessible by anyone with access to the Internet. The big caveat with this breach is that this may leave the users vulnerable to sextortion attacks. If the users can be linked to an individual (for example when using the same email for username), adversaries could start targeting individuals in spear-phishing campaigns using real facts from this breach. For example, we knew you watched camgirl X on these dates. If you do not pay this information will be spread to friends/family/colleagues.

If you are an expert on this topic:

Dot Your Expert Comments

SUBSCRIBE to alert when new comments are posted on this news. :



Join the Conversation

Join the Conversation


In this article