Adult Cam Website ‘Stripchat’ Exposes User and Model Info in Data Leak
- An adult cam website exposed the data of users and models alike through a database left exposed online.
- The leak contained approximately 200 million records had multiple references to Stripchat.
- The database was indexed in early November and the researchers contacted the website upon discovery.
Researchers discovered a database consisting of around 200 million records left unprotected online that had many references to user and model personal information and other details belonging to the live sex cam website Stripchat. The blunder was discovered in early November and communicated to the said website through email and Twitter, but the researchers did not get an answer.
The Comparitech cybersec research team led by Bob Diachenko discovered the exposed data set that could be accessed freely online, without a password or any other authentication, on November 5. After they determined the owner, they sent an alert to Stripchat, a company founded in 2016 and incorporated in Cyprus, so the database was secured on November 7.
The exposed data seemingly about the site’s users and models included usernames, email addresses, and IPs among other details. The Elasticsearch cluster had a total of 200 million records from several data sets, of which some 65 million had all or some of the details below.
- Email address
- Username
- IP address
- ISP
- Tip balance
- Timestamp of account creation
- Timestamp of last activity
- Blocked status
About 421,000 records belonging to models exposed some or all of the following:
- Username
- Gender
- Studio ID
- Live status
- Tip menus and prices
- Strip score
The researchers found a transaction database of 134 million records as well that had information about tokens and tips paid by users to models, including private tips, and a moderation database of 719,000 chat messages sent to models, including both private and public messages, that displayed the user ID of the watcher who sent the message.
Needless to say, the exposed information could lead to extortion, fraud, or harassment if ending up in the hands of hackers. This disclosure aims to raise cybersecurity awareness and curb harm to end-users.