Adult Cam Website ‘Stripchat’ Exposes User and Model Info in Data Leak

  • An adult cam website exposed the data of users and models alike through a database left exposed online.
  • The leak contained approximately 200 million records had multiple references to Stripchat.
  • The database was indexed in early November and the researchers contacted the website upon discovery.

Researchers discovered a database consisting of around 200 million records left unprotected online that had many references to user and model personal information and other details belonging to the live sex cam website Stripchat. The blunder was discovered in early November and communicated to the said website through email and Twitter, but the researchers did not get an answer.

The Comparitech cybersec research team led by Bob Diachenko discovered the exposed data set that could be accessed freely online, without a password or any other authentication, on November 5. After they determined the owner, they sent an alert to Stripchat, a company founded in 2016 and incorporated in Cyprus, so the database was secured on November 7.

The exposed data seemingly about the site’s users and models included usernames, email addresses, and IPs among other details. The Elasticsearch cluster had a total of 200 million records from several data sets, of which some 65 million had all or some of the details below.

  • Email address
  • Username
  • IP address
  • ISP
  • Tip balance
  • Timestamp of account creation
  • Timestamp of last activity
  • Blocked status

About 421,000 records belonging to models exposed some or all of the following:

  • Username
  • Gender
  • Studio ID
  • Live status
  • Tip menus and prices
  • Strip score

The researchers found a transaction database of 134 million records as well that had information about tokens and tips paid by users to models, including private tips, and a moderation database of 719,000 chat messages sent to models, including both private and public messages, that displayed the user ID of the watcher who sent the message.

Needless to say, the exposed information could lead to extortion, fraud, or harassment if ending up in the hands of hackers. This disclosure aims to raise cybersecurity awareness and curb harm to end-users.



Why Is Demon Slayer So Popular?

In August 2019, the world suddenly started talking about an anime series that had just released its nineteenth episode. Fast forward to...

F1 Live Stream 2022: How to Watch Formula 1 Without Cable

There's not much time until the 2022 Formula 1 World Championship gets underway - the first race is scheduled for late March,...

Disney+ Announces Basketball Series Inspired By Award-Winning Book The Crossover

Disney Plus announced a new basketball-themed drama series that is set to land on the streaming platform, drawing inspiration from the critically...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari