The leaked data encompassed a vast array of information from the logging database containing around 14.7 million records, totalling a size of approximately 19.17 GB, to the AWS cloud storage which held over 3.5 million files, collectively amounting to 700 GB.
Key Findings
- Security researcher Jeremiah Fowler uncovers major data breach in Brazilian escort service, Fatal Model.
- Two unprotected databases revealed over 18 million records, containing personal details of clients and escorts, including email addresses and account info.
- Access keys and AWS storage information for the Fatal Model were exposed in the breach.
- Breach exposes vulnerabilities across different sectors of the company’s network; the logging database is secured promptly, AWS database is accessed until responsible disclosure.
- Exposed data includes records from a logging database (14.7 million records) and AWS cloud storage (3.5 million files); poses privacy risks, and potential extortion, and exposes development files’ security implications.
The cybersecurity Jeremiah Fowler has recently uncovered a major data breach affecting a prominent Brazilian escort service and application known as the Fatal Model.
Fowler, who brought the breach to the attention of cybersecurity resource WebsitePlanet, discovered two non-password protected databases containing a staggering total of over 18 million records. These records, belonging to the Fatal Model, included personal details of both clients and escorts, such as email addresses, account information, and device data.
Unsurprisingly, Fowler also identified that access keys and storage information of Fatal Model’s Amazon Web Services (AWS) storage account were exposed in the breach.
The breach highlights the cascading impact of a single data exposure, as vulnerabilities were unveiled within different sectors of the company’s network. While the logging database was promptly secured upon discovery, the AWS database remained accessible until Fowler issued a responsible disclosure notice. Fatal Model’s team exhibited a swift response in securing the exposed data.
The scale of the Data Leak
The exposed data encompassed a vast array of information from the logging database containing around 14.7 million records, totalling a size of approximately 19.17 GB, to the AWS cloud storage which held over 3.5 million files, collectively amounting to 700 GB.
Within the “2022” folder of the AWS account, there were approximately 35,400 escort accounts accompanied by images and videos. A subsequent “2023” folder contained an estimated 33,900 escort accounts, each complete with verification media.
Additionally, the breach revealed application files, development materials, admin access tokens, user device data, email addresses, names, and user ID numbers.
According to Fowler’s report, the Fatal Model employs advanced technology to authenticate the identities of escorts and clients, indicating that the leaked data pertains to actual individuals. The exposed verification procedures employed biometric software to validate users through facial recognition technology.
Privacy Risks and Future Implications
The exposed information carries significant privacy risks for both escorts and clients of the service. Escorts and clients rely on the privacy afforded by such platforms, and the leakage of personal data and images could lead to harassment and reputation damage.
The breach raises the spectre of potential extortion or blackmail campaigns by cybercriminals seeking financial gain through public exposure of sensitive information.
The breach also shows the security implications of exposed development and installation files. The leaked JavaScript files may contain sensitive client-side code, including API keys and authentication tokens. If exploited, this data could grant unauthorized access to systems and resources, posing a considerable threat.
Additionally, the exposed software development kit (SDK) files could reveal proprietary algorithms and organizational strategies, potentially undermining both the business and its users.
Mitigating the Impact
For individuals impacted by data breaches, taking these steps can help mitigate potential fallout:
- Monitor Key Accounts: Regularly review login details and IP locations, as well as monitor financial and social media accounts for unauthorized activity.
- Update Passwords: Change leaked passwords and enable Two-Factor Authentication (2FA) for enhanced security.
- Beware of Phishing: Exercise caution with unsolicited emails or messages requesting personal information, and avoid sharing such details via email or phone.
RELATED NEWS
- Personal & banking data of 120 million Brazilians leaked online
- Ransomware attack on top Brazilian court encrypts files, backups
- Brazilian marketplace integrator Hariexpress exposed 1.75 billion records
- Brazil’s cosmetic giant Natura leaked 192 million records with payment data
- Brazilian Crypto exchange hacked; private data of over 264,000 users exposed