A company that runs several sites featuring camworkers left the back-end database unprotected, allowing the data of hundreds of thousands—if not millions—of customers and sex workers to be exposed.
TechCrunch reports that researchers at cybersecurity firm Condition:Black uncovered that VTS Media, a Barcelona-based company, left its database exposed. VTS runs “camgirl” networks like webcampornoxxx.net, placercams.com, and amateru.rv, which is among the most popular in Spain, according to Alexa. TechCrunch found that most of the sites’ users live in Europe, but the sites also have U.S. traffic.
This exposed database, which was not password protected, reportedly held a few months of site activity logs, including usernames and IP addresses, and records of when the users were active on the sites. The database also held chat messages between users and showed what videos customers were viewing. The data was not encrypted and passwords and usernames were stored in plaintext, according to TechCrunch. The outlet was able to use identifiable information like email addresses to uncover some users’ identities.
Data belonging to sex workers who use the platforms were also exposed by the exploit.
“This was a serious failure from a technical and compliance perspective,” John Wethington, Condition:Black founder, told TechCrunch. “After reviewing the sites’ data privacy policy and terms and conditions, it’s clear that users likely had no idea that their activities being monitored to this level of detail.”
Reached for comment by Gizmodo, VTS Media company spokesperson Hector Ros Oliver shared a published a statement that denied some of the reporting from TechCrunch—namely that all of the data stored in the company’s “main database is encrypted and unreachable,” that passwords were not exposed, and that the breach affected 330,000 users‚ not millions, as reported by TechCrunch.
This is just one of the latest examples of leaked data that could potentially be used to blackmail users. Earlier this year, the dating app 3Fun exposed the data of 1.5 million customers, and it’s been three years since hackers leaked user data of Ashley Madison, a site made for people having affairs. It’s safe to say that anyone using a site for sex should be prepared for their data to be exploited.