PornHub Gets Hacked Days After Launching Bug Bounty Program

A teen hacker has taken over PornHub servers and sold the data for $1000 — PornHub claims it’s just a hoax!

The famous adult content website PornHub launched its bug bounty program just a few days ago amid increasing malware attacks, but before anyone could report bugs on the site, a hacker had already breached it and stolen its database.

A young hacker who goes by the username Revolver has claimed that he hacked into a Pornhub server. That’s not all: the 19-year-old hacker also claimed to have sold access to the server for $1000. As per reports, the hack occurred this weekend, when a researcher with the Twitter handle 1x0123 informed the public that shell access to a Pornhub subdomain was available for sale. The access was offered for $1000. Considering the massive popularity of Pornhub and the high traffic it attracts daily (approx. 2.1 million visits in an hour), this figure appears ridiculously meager, and it is hard to believe that the hacker sold the access for so small an amount.

To prove his claim that he had access to Pornhub, Revolver also posted some pictures on Twitter and explained that he managed to compromise the server by exploiting a flaw in the picture upload feature of its user profiles. The hacker identified that the upload mechanism was flawed, and as soon as he uploaded the shell to the server, he was able to gain full control of the environment.

Salted Hash contacted 1x0123, learned that the hacker had confirmed the deal, and also wrote:

“Pornhub contacted Revolver for more information. He offered to share those details and help patch the vulnerability that allowed such access, for a total cost of $5,000 USD. It isn’t clear if the adult entertainment giant agreed to those terms.”

We could not gather more information about this hack; as of now, we know only that the flaw the hacker identified is not the recently discovered ImageMagick flaw.

A Pornhub representative also confirmed that the shell had been uploaded and said that the company was investigating the issue. 1x0123 is a popular researcher in the security fraternity.

In April, he offered access to the LA Times website after he had managed to exploit a flaw in the website’s Advanced XML Reader WordPress plugin, and he also claimed to have identified an SQL injection on one server of Mossack Fonseca. He is the same researcher whom Edward Snowden thanked for identifying and reporting a Piwik vulnerability.

Update:

CSO contacted PornHub again and the representatives claim the whole incident was a hoax.