SophosLabs: Want a free password for one of the world’s most popular adult websites?
YouPorn, one of the world’s most popular porn video websites and one of the top 100 websites of any kind in the world, appears to have been caught with its pants down – after a list of many of its users’ email addresses, passwords and dates of birth were left exposed on a public-facing server.
According to security blogger Anders Nilsson, the credentials of well over a million YouPorn users were publicly accessible.
Unlike the recent Brazzers porn site hack, however, sloppy practices are being blamed for the YouPorn incident, with debug data about users seemingly being stored in a public fashion since 2007.
Hackers have been sifting through the information, and in some cases republishing it elsewhere online. So even though YouPorn appears to have now shut down the offending server – its users remain exposed.
This is one of those cases where it’s not just bad to have your password exposed – it’s actually potentially worse to have your email address connected with this breach too.
You can imagine how employers and marital partners may be less than impressed to find you are registered for a website like YouPorn. And their discovery of your porn penchant is only a search and a click away.
But more than the embarrassment factor, there’s also a security issue here. We know that many internet users adopt the same password for multiple sites.
So, if your YouPorn password is now known, hackers might try that same password against your email address, your PayPal account, your Amazon account, and all many of other online resources.
If you are still using the same password on multiple sites, please change your dirty habit now.
But it’s unlikely that the victims of this data breach will be finding things so amusing.
At the time of writing, there is no mention of the apparent data loss on YouPorn’s official blog (no, we’re not linking to it) or Twitter account.
Update: YouPorn has attempted to clarify the situation, explaining that only YouPorn chat users have been affected by the incident. The chat feature is run by an undisclosed company that is not directly associated with YouPorn. YouPorn has since removed the chat feature from its web site.