Adult Cam Site “CAM4” Has Exposed Highly Sensitive Data of Millions of Its Members and Users
- “CAM4” has exposed its entire userbase by leaking 7 TB of data online via an unprotected database cluster.
- The live streaming platform is very popular in its field and is used by millions of people around the world.
- The exposed details include full names, credit card details, email addresses, conversations, and much more.
All breaches that expose PII (personally identifiable information) are bad, but those that come from adult websites are definitely the worst. CAM4, an adult live streaming platform with around two billion unique visitors every year, misconfigured an Elasticsearch cluster, leaving a set of production databases unprotected online and accessible to anyone with a web browser. The discovery was the work of security researcher Anurag Sen, and while the response from the CAM4 team was immediate, the exposed records could have been copied by someone in the meantime.
Source: safetydetectives.com
The information that has been exposed includes the following details:
- First and last names;
- Email addresses;
- Country of origin;
- Sign-up dates;
- Gender preference and sexual orientation;
- Device information;
- Miscellaneous user details such as spoken language;
- Usernames;
- Payments logs including credit card type, amount paid and applicable currency;
- User conversations;
- Transcripts of email correspondence;
- Inter-user conversations;
- Chat transcripts between users and CAM4;
- Token information;
- Password hashes;
- IP addresses;
- Fraud detection logs;
- Spam detection logs.
The number of records is 10.88 billion, so the amount of data that has been exposed is humongous. As expected, not all records are equally rich: some include payment details (credit cards and payment amounts), others are accompanied by hashed passwords, and some have multiple email addresses connected with a single username. With all that was leaked, malicious actors could extort the exposed individuals, scam them, phish them, and generally set up highly targeted fraudulent operations. Blackmail is the worst-case scenario, though, as many of the cam models on these platforms wouldn’t want their immediate social circle or family to know about their side job.
The largest number of records concerns users from the United States, followed by many Brazilians, Italians, Germans, and users from Spain and France. The researchers also located information that could enable actors to launch attacks on the website, as backend data was exposed too.
In general, you shouldn’t trust any online platform with your identity, let alone those that could radically affect your life. Thus, use anonymous email addresses, don’t connect social media accounts to these platforms, give out only the minimum identification details required for registration, avoid using credit cards as a payment method, and always use unique and strong passwords.