Just a couple of days ago it was reported that France’s largest newspaper Le Figaro exposed 8 terabytes of data containing 7.4 billion records. Now, the adult streaming site CAM4 has leaked 7 terabytes of data containing 10.88 billion records. Simply put: It’s raining terabytes of data per day.
Owned by Granity Entertainment in Ireland; CAM4 offers adult entertainment through live webcam performances. While signing up is optional, some services are only offered to those who have an account on the site and willing to pay using their credit or debit card.
Bonus: Best legal & free online streaming sites for movies & TV shows 2020 (no signup or payment card required)
However, the IT security researchers at Safety Detectives discovered CAM4’s database exposed to public access without any security authentication on a misconfigured Elasticsearch server.
In an analysis, researchers revealed that the database leaked 11 billion records with 11 million email addresses along with 26.3 million passwords hashes.
Other data included the company’s production logs dating from March 16th, 2020, personally identifiable information (PII) like full names, usernames, gender, country, IP addresses, conversations, spam and fraud logs, and payment logs including credit card type, etc.
“The availability of fraud detection logs enables hackers to better understand how cybersecurity systems have been set up and could be used as an ideal verification tool for malicious hackers, as well as, enabling a greater level of server penetration,” researchers wrote in a blog post.
On the other hand, most impacted users were found to be from Brazil, Italy, and the United States while most of the email addresses were based on Gmail, Hotmail, and iCloud.
Although it is unclear if the data belonged to customers or content creators, the fact that CAM4 had its database exposed to the public is enough to imagine the upcoming damage in case a third-party with malicious intent got their hands on it.
Moreover, it also puts customers and content creators at risk of blackmailing, identity theft, and extortion scam.
Cybercriminals can also leak the data on hacker forums or dark web marketplaces just like it was done recently when personal details and phone numbers of 42 million Iranians were exposed on an Elasticsearch server and ended up on dark web and hacker forum for sale within days.
If you are on CAM4, change your password and get in touch with the company about the breach. For your information, since the database contained information of European users CAM4 should expect a hefty GDPR fine.