Security Forum Hacked and the Data of 250,000 Users Exposed

By Bill Toulas / October 11, 2019

By leveraging the recently disclosed vulnerability in the vBulletin Internet forum software, hackers have accessed the internal database of, a forum that is dedicated to all things Dutch prostitution. From actual sex workers to customers or aspiring clients, approximately 250,000 users have had their personal data stolen. The moderator of the forum responded by saying that they immediately took action and applied the fixing patch that was released by vBulletin. However, the data breach occurred, and there’s nothing that can be done to retract that.

The data that is soon to be put up for sale on darknet forums include user login credentials, so everyone will have to reset their passwords. In addition to this, the moderator has stated that the platform is planning to take legal action against those who sell their user information online. Now, the problem with leaks such as this one is that many people take part in either side of prostitution incognito. For example, a user who is sharing his experience as a client with hookers in Amsterdam wouldn't want other forum members or anyone else to get to know his/her real name. Prostitution in the Netherlands is legal, but privacy is still a highly sensitive subject.

That said, many of the 250,000 users who have had their personal data exposed may now fall victims of blackmail, which is the worst type of targeting one can sustain. Besides the email addresses, which are oftentimes enough to reveal a person’s real name, the stolen data also includes the IP addresses of the users. The passwords that have been stolen are encrypted, but no details about the encryption algorithm were provided, so it may be possible to crack it. The Dutch news outlet claims to have spoken with the hacker by pretending to be a buyer, so they got a sneak preview and confirmed that they could make out real names.

According to the same publication, the hacker isn’t considering what he’s done with a serious crime, stating that there are thousands of websites that get hacked every day, and the question is not if you get hacked but when that happens. He said “he’s not the devil”, knows that there are many people out there who would pay large amounts to buy this data and don’t care what they’ll do with it. If you are one of the exposed and you are approached by an extortionist, don’t pay any amounts to them. Instead, report the threats to the authorities and they’ll take it from there.

Can you share anything relevant to the above with us? Feel free to do so in the comments down below, or on our socials, on Facebook and Twitter.

For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari