Another week, another massive data leak. This time around, it’s 800,000 accounts from iconic porn site Brazzers. Although the data originated from their forum, users who have never signed up may be caught up in the breach.
The data was passed to Vice’s Motherboard publication by breach monitoring site vigilante.pw for verifications purposes. It found that the dataset contains 928,072 individual records, with 790,724 unique email addresses, as well as many usernames and plaintext passwords. Many of the entries were duplicated or inactive accounts.
Like most of the recent breaches we’ve seen (including LinkedIn, DropBox, and Last.fm), this data hails way back to 2012.
According to Matt Stevens, PR manager for Brazzers, “This matches an incident which occurred in 2012 with our ‘Brazzersforum,’ which was managed by a third party. The incident occurred because of a vulnerability in the said third party software, the ‘vBulletin’ software, and not Brazzers itself.”
He further adds that: “users’ accounts were shared between Brazzers and the ‘Brazzersforum’ which was created for user convenience. That resulted in a small portion of our user accounts being exposed.”
The Brazzers forum allowed users to discuss scenes from Brazzers porn films, chat about individual actors and actresses, and request specific scenarios they’d like to see in future films. Brazzers has taken the forum down for “maintenance”, with no word on when it’ll be back up.
For the users who have been caught up in the leak, this spells bad news. After the Ashley Madison leak, there was a surge in related extortion attempts. While the same level of data wasn’t stored on the Brazzers forum, it is possible that something similar could happen here.
If you think you might have been caught up in this, you can check on Troy Hunt’s Have I Been Pwned. Should you get the bad news, you’d be well advised to change your password on any site where you reused your BrazzersForum one.
Get the TNW newsletter
Get the most important tech news in your inbox each week.