The digital world is once again marred by a leak of highly sensitive data that exposes millions of users to attempts at blackmail, identity theft and fraud.
A security team researchers led by Anurag Sen recently discovered a leaked database from CAM4, a popular adult live streaming website. Installed on an improperly configured Elasticsearch server, the insecure database exposed approximately 7TB of personal information from users and platform members.
Among the pool of 10 billion records, analysts uncovered information about CAM4 users, including:
• First and last name • Email addresses and hashed passwords • Country of origin and registration dates • Gender preference and sexual orientation • Device information • Various user information such as spoken language • Usernames and user conversations • Payment logs, including credit card type, amount paid and applicable currency • Transcripts of electronic correspondence • Inter-user conversations • Transcripts of discussions between users and CAM4 • News on tokens • IP addresses • Fraud and spam detection logs
After gathering the personal information, the team was able to identify 11 million records containing email, 26.3 million containing hashes of passwords, and less than 1000 revealing full names, types of cards. credit and amounts paid to display explicit content on the website.
“US, Brazilian and Italian users were hit the hardest, although the precise number of email records is difficult to accurately assess due to the duplication of multiple entries,” the researchers said.
“The fact that a large amount of email content comes from popular domains like Gmail, Hotmail, and iCloud – domains that offer additional services like cloud storage and business tools – means users Compromised CAM4 could potentially see huge volumes of personal data including photographs, videos and related business information leaked to hackers – assuming their accounts were ultimately hacked by phishing, for example, ”said they added later.
Although the database was immediately deleted by parent company Granity Entertainment, the logs date back to March 16 and cybercriminals could have already recovered the information.
Plus, let’s not forget the Ashley Madison data breach scandal – victims are still the target of blackmail and sextortion campaigns 5 years after the incident.
Given the sensitive nature of the information exposed, the consequences of the recent data breach could have serious consequences, leaving CAM4 members vulnerable to targeted attacks and phishing emails. In addition to the financial losses that may arise, victims may suffer damaging psychological effects following multiple attempts at blackmail or defamation.
*** This is a Syndicated Security Bloggers Network blog by HOTforSecurity written by Alina bizga. Read the original post on: https://hotforsecurity.bitdefender.com/blog/cam4-data-leak-exposes-personal-data-of-millions-of-users-23181.html