A minimum of 790,724 unique email addresses and passwords belonging to registered users of the porn site Brazzers have been dumped online.

The details were generously offered by a data breach-monitoring site and seem to belong to accompanying user forum, "Brazzersforum."

Motherboard reports that albeit the user forum is separate from the Brazzers website, the databases of the two are connected.

Troy Hunt, a security analyst that runs the site Have I Been Pwned?, is a third party who helped confirm the breach. He notes that each entry in the list contains an username, an email address and a password. What is worse, all the credentials are found in plain text, meaning that they are a hacker's gold mine.

Matt Stevens, a spokesperson for Brazzers, admitted that the incident involving the publication of users' details mirrors an incident that took place four years ago. He notes that, at the time, the forum was managed by a third party. At the time of the writing, Brazzersforum.com shows an "under construction" status.

Stevens mentions that the 2012 incident happened as a direct result of the third party's software vulnerability. According to Stevens, "the 'vBulletin' software, and not Brazzers itself" was to blame. He goes on to acknowledge users' accounts "were shared between Brazzers and the 'Brazzersforum,'" which was a measure motivated by user convenience.

"We took corrective measures in the days following this incident to protect our users," Stevens mentions.

However, the recent security breach led to "a small portion of our user accounts being exposed."

According to the vBulletin website, the software is a forum-publishing tool that got updated in August to version 5.2.3.

Hunt underlines that sites that make use of vBulletin were vulnerable to hacking, especially if they were left in a state of disrepair. He explains that although a number of vulnerabilities were identified and patches were issued by the developers, site admins who kept the pages in the same state led to "breaches like this one."

Those who want to see whether their or a family member's credentials were exposed in the dump can do so by going to Have I Been Pwned?

Another sensitive account information leak that rocked the virtual and real worlds took place last year, when the Ashley Madison hack exposed the private lives of 32 million users.

Security experts agree that the best course of action in these cases is to have unique passwords and emails for sensitive sites, never enter your real name, or better yet, keep away from such sites altogether.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion