SophosLabs: A hacker, identified as a 17-year-old based in Morocco, claims to have stolen the personal information of 350,000 users from hardcore porn mavens Brazzers.
The point, claims the hacker, was to highlight a security vulnerability on the adult site.
According to reports, the teen uploaded a small small of the stolen data to the internet, displaying customer emails, usernames and passwords. Presumably to offer up proof that he was behind the breach.
Karen Miller, spokesperson for Brazzers’ parent company Manwin Holding, reportedly said that the hacker accessed their websites via an old user forum. Investigations were ongoing.
Ms. Miller also explained Manwin and Brazzers were contacting everyone who was potentially affected by the breach but underlined that no credit card information was stolen.
The Associated Press writes that this is a “potential embarrassment for Luxembourg-based Manwin, which runs some of the world’s best-known pornography websites.”
It is all very well to worry about the porn company’s reputation, but what about the customers?! How do they feel knowing that their info, including names and emails, are either available for anyone to see, or risk being posted at the hacker’s whim?
The thing that gets me here is that if the hacker was genuinely concerned about the vulnerability on the site, why didn’t he follow more responsible disclosure practices?
For instance, he could have called Brazzers, explained the situation and given them an agreed amount of time to fix the problem. Granted though, this wouldn’t have gotten the headlines.
Another approach would have been to contact a single journalist and showed him/her the vulnerability in action. This would have protected the site’s customers much better and alerted us all once again to the vulnerabilities that exist on the web.
But there is a take-away for us all here – individuals and companies alike: Good housekeeping matters. Make sure to close down accounts and websites you no longer use. Leaving them unpatched, vulnerable and connected is just trouble waiting to happen.