Porn Blocking App ‘BlockerX’ Failed to Secure Its User Database Properly
- Vulnerable users of a porn-blocking app have had their email addresses exposed via an unprotected database.
- The instance was secured quickly, but it may have stayed online and accessible by anyone for a long time.
- Users are now running the risk of being extorted by malicious individuals who threaten to expose their porn addiction.
‘BlockerX’, a porn blocking application, has failed to protect its Amazon AWS instance, and the result was the exposure of its userbase, their personal details, screenshots, network details, and more. The discovery of the accessible database comes from researcher Jeremiah Fowler who has found the unprotected instance on August 2, 2021. The owner of the app (and by extension the database), Atmana Innovations, responded immediately and secured the data within a couple of hours, but the period of exposure remains unknown.
‘BlockerX’ is a subscription service that comes in the form of an app, costing users $7.5 per month or $180 in a single lifetime payment. The app can block or filter adult content in real-time while browsing the web, thanks to a system or web request APIs and keywords. The firm claims to have over a million users from at least 63 countries, so this exposure is partial.
The exposed database contained 121,624 records, with 72,000 of them stored in a “users” folder. The records included user posts in plaintext form, user names, email addresses, and encrypted real names, user attachments, and screenshots. Because the names were encrypted, anyone accessing or downloading that data cannot find out who is using BlockerX, but Fowler points out that the used encryption isn’t very strong and could be broken if hackers put in the effort.
The real danger for the exposed users here is extortionists who could use the exposed email addresses, threatening to publish the fact that they have a porn addiction and need an app to help them abstain. Also, some of the screenshots and texts are very revealing and disturbing, further increasing the risk of successful blackmail.
It is understandable that these users are in a vulnerable position and already struggling with an addiction that is a source of enough problems on its own, so BlockerX’s failure to protect their sensitive data comes as a particularly risky error.
If you are among the potentially exposed users of BlockerX, report any blackmail attempts to the police and also seek psychological help from a professional if you need it. Remember, giving in to extortionists is only a green light for them to continue indefinitely, so there will be no end to the vicious circle.