- MyFreeCams had suffered a data breach ten years ago, but the data has appeared for sale just now.
- The seller has already made $21,600, so at least 14 people have bought the old dataset.
- The platform has informed the affected users and reset all passwords, but this is not enough to deal with all the problems.
Data breaches and subsequent leaks are always unfortunate events, but when they concern sensitive user information, the implications for the exposed users are magnified. As first reported by CyberNews, this is the case with MyFreeCams.
The platform suffered a data breach that resulted in the exfiltration of two million user records from the adult streaming site. Unfortunately for the users, the stolen data has already been put up for sale on hacker forums, and the price tag was set to $1,500 paid in Bitcoin for every batch of 10,000 user records.
The hackers exploited an SQL injection flaw that was present on the site and stole all the sensitive details of the premium members of the MyFreeCams platform, as those are registered there. That would include usernames, email addresses, MFC Token amounts, and even passwords in plain text form. Obviously, this creates the potential for account takeover attacks, credential stuffing attacks on other websites, extortion, blackmail, scamming, phishing, and spamming.
The platform confirmed that the leak was genuine, so there’s no doubt about that. Additionally, they have informed the affected users and reset their passwords to prevent unauthorized access to their accounts.
According to the findings of the subsequent investigation, the security breach that resulted in this data leak actually occurred ten years ago, in June 2010, and the SQL flaw that was exploited was shut shortly after the unfortunate incident took place.
So, someone held that data for over ten years now, not selling, leaking, or sharing it with anyone else. That is quite weird and unusual, but it goes to show that even a decade-old data still holds significant value. So far, the pack’s seller has made 45 transactions, so they made about $21,600 already.
These credentials may have already been exploited by the original holder of the data, who had the comfort to do it without MyFreeCams knowing about it for such an extensive period of time. This is possibly the final act in this successful hack, making the last bit of money that can be squeezed out of this pack.
If you are a member of the platform, reset your account password immediately and use something strong and unique. If you may be using the same credentials elsewhere, reset the passwords from there too. Finally, ask the platform to add 2FA for increased account security, as that would have saved all of the compromised accounts from hacker access.