• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • March 9th, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Hacking News

Pornhub hacked: Hackers go away with $20,000 instead of exposing flaw

July 26th, 2016 Ali Raza Hacking News, Security 0 comments
Pornhub hacked: Hackers go away with $20,000 instead of exposing flaw
Share on FacebookShare on Twitter
Pornhub gets hacked: Hackers go away with $20,000 instead of exposing user’s preferences

Porn sites have an amazingly huge number of subscribers. For porn site users, hacks of their preferred sites are nothing but nightmares. Everyone, including their family and friends, gets to know their squalid hobby. For Pornhub user were next on the list of shame. A group of hackers managed to access the data of millions of users of the site. Unlike the Ashley Madison’s case, Pornhub users are safe.

Pornhub, with the intention of keeping its site secure, launched a competition for hackers and security analysts to find vulnerabilities in the site. Two hackers exposed vulnerabilities that attackers can exploit remotely to access users data. Pornhub rewarded the hackers $20,000 for revealing the weaknesses.

PHP vulnerability exposed the users’ data. The vulnerability assured the hackers code execution permission. In June, PHP patched the bug. The flaw connects to a use-after-free memory bug that is a result of PHP’s garbage collection algorithm interaction with other PHP objects. The vulnerability thus allowed unauthenticated tracking of users activities in Pornhub.

The most dangerous aspect of the bug is the fact that it allowed code execution on the site’s servers. Hackers could erase all data on the site and download whatever data they needed, explained Ruslan Habalov, a computer science student in Germany. The student, studying at RWTH-Aachen University, was among the group that discovered the security flaw.

Pornhub is not a site to take security flaws for granted given it has over 60 million visitors a day. If a hacker exploited the flaw, the results would be disastrous due to the volume of subscribers of the site.

According to Evonide, Pornhub awarded the security researchers a $20,000 bounty and the grouped received another $2,000 prize from the Internet Bug Bounty Committee. They received the awards through HackerOne bug bounty program. The researcher reported the bug on May 30, a few weeks after Pornhub launched the bug competition.

“The bug connected two seemingly disparate aspects of PHP to create vulnerability,” Habalov explained. According to the computer science student, the site was transmitting data via PHP’s unserialize function and PHP’s garbage collection algorithm. The use-after-free PHP bug and the unserialize function PHP bug presence made code execution on Pornhub servers possible. Each of the bugs earned the two researchers $1,000 from the Internet Bug Bounty Committee.

[fullsquaread][/fullsquaread]

Pornhub was quick to respond to the flaw security report. The company removed the unserialize function with PHP a few hours later. In June the site patched the security flaw. The hackers had no use for the data. Instead, they sent the report to Pornhub. If only all hacker were this noble.

  • Tags
  • Bug Bounty
  • hacking
  • internet
  • Pornography
  • security
  • Vulnerability
Facebook Twitter LinkedIn Pinterest
Previous article Internet in Mumbai Goes Slow As ISPs Suffer Massive DDoS Attacks
Next article 'No More Ransom' Anti-Ransomware Portal; Recovers Encrypted Data for Free
Ali Raza

Ali Raza

Ali Raza is a freelance journalist with extensive experience in marketing and management. His work has been featured in many major crypto and tech websites including Hacked, Hackread, ValueWalk, Cryptoslate, CCN, and Globlecoinreport to name a few. Raza is the co-founder of 5Gist.com, too, a site dedicated to educating people on 5G technology.

Related Posts
European Banking Authority victim in Microsoft Exchange Server hack

European Banking Authority victim in Microsoft Exchange Server hack

FluBot Android malware mimics FedEx, Chrome apps to steal user data

FluBot Android malware mimics FedEx, Chrome apps to steal user data

Microsoft, FireEye report 3 new malware linked to SolarWinds hackers

Microsoft, FireEye report 3 new malware linked to SolarWinds hackers

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
European Banking Authority victim in Microsoft Exchange Server hack
Hacking News

European Banking Authority victim in Microsoft Exchange Server hack

FluBot Android malware mimics FedEx, Chrome apps to steal user data
Android

FluBot Android malware mimics FedEx, Chrome apps to steal user data

John McAfee Charged with Fraud in Cryptocurrency Scam
Cyber Crime

John McAfee Charged with Fraud in Cryptocurrency Scam

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us