‘SextPanther’ Exposed Thousands of User Identification Documents

By Bill Toulas / January 25, 2020

SextPanther, a US-based adult entertainment website that recruits cam girls, has exposed thousands of identification documents of its models. The data leaked through an unprotected Amazon Web Services (AWS) storage bucket includes 11000 photo IDs, Social Security numbers, driver’s licenses, and passports. These documents were uploaded by the models, who need to verify their identity before they can register on the platform. Verification is required because the models are paid depending on how many users watch their live cam feeds, how many tokens those users spend on them, and what traffic they generate for SextPanther.

Most of the models exposed by this incident come from the United States, but there are also many from Canada, India, and the United Kingdom. The leaky bucket was discovered by TechCrunch, who asked a penetration testing expert to help them identify the owner. After SextPanther was confirmed to be the owner, a notification was sent to the admins and the bucket was retracted from the server. The next step for the platform was to notify its legal and security teams, as they needed to evaluate the damage that had been done.

Admittedly, that damage could potentially be a lot more significant than any amount of earnings the models may have generated through their activity on the adult entertainment platform. The exposed documents contain full names, home addresses, dates of birth, and more than 100000 photos and videos that were shared privately between models and users. This is catastrophic for the exposed individuals, as sex workers are very often the subject of sociopaths' lust. Thus, this is not just “another data leak”, but an incident that introduces serious risks for the models who were registered on SextPanther, as stalkers now know who they are and where they live.

The worst thing is that there’s a growing trend towards “custom porn experiences”, which helps the field of private cam platforms flourish. With this development, we are seeing an increase in the number of security incidents that expose the models. Last week, Noam Rotem and Ran Locar of VPNMentor discovered another leaking S3 bucket containing almost 20 GB of identification details from 875 thousand files. Upon further investigation, the owner of that database was found to be “PussyCash”, another private cam affiliation platform. That said, if you are going for a quick buck and you don’t mind exposing your body, maybe you should consider what other personal information you would be willing to expose in exchange for some cash.


