SQL Injection Allowed Hacker to Steal Data of 237,000 Users from Adult Site

Over 237,000 pornographic Network Users data Stolen and Exposed on Dark Web After pornographic Website Hack — “Poor Practices” of  adult Network irked hacker so much that he hacked the website and placed user data on the Dark Web.

Team Skeet adult website got hacked after a hacker obtained access to its administrative functions. After the hack, the user data stored on the website was being advertised on the Dark Web.

The data that got stolen probably included email addresses, names, IP addresses, physical addresses and plain text passwords of over 237,000 adult network users. The hacked database also included information of Paper Street Media/PSM adult network’s users as well.

The data is currently available for sale on the Dark Web by the hacker who is using the handle TheNeoBoss on the Dream Market. He is offering the data for around $400 in the form of 0.962 bitcoins.

While speaking to Motherboard on an encrypted chat session, the hacker stated that he hacked Team Skeet because he wanted to “publicly shame them for their poor practices.”

The hacker has been sharing data from the stolen database gradually with Motherboard. The previous week, he sent the first installment of 64 users’ data out of which 56 were associated with Team Skeet. Later, over 8,000 credentials were shared with Motherboard and after cross checking, a majority of the IDs were found to be associated with the adult network. TheNeoBoss also sent Motherboard a screenshot to prove that he did possess data of more than 237,000 users, but the website couldn’t confirm its legitimacy.

The problem is that a lot of users were associated with more than one adult networks. Therefore, those having an account on Team Skeet and the same credentials on other sites like Exxxtra Small, Teen Curves, Teen Pies, CFNM Teens and Innocent High, were unable to use their IDs from other sites. According to Team Skeet, they offer their users access to 23 different adult sites.

PSM CTO Jamal Hussain states that this breach didn’t happen recently because “the data is from a breach that happened in 2008.” Hussain further noted that his company was “asked for a ransom” which they decided not to pay and instead made security updates.

Since then, they never faced any issues or threats as “there was no credit card info taken and all accounts were no longer valid for our members area.”

“We work with a high-quality security firm and have had no reports or issues with any breaches recently,” Hussain added.

No comment has been received from the FBI in this regard as of now.

The NeoBoss said he obtained some of the data via an SQL injection, an established attack to which many sites are vulnerable. He also claimed to have other forms of access to the PSM system, which he said the company had started to shut off.

The hacker allegedly tried to warn PSM of the website’s vulnerabilities and asked if the company ran a bug bounty program. PSM “didn’t seem to care,” the hacker said.

Related Posts