No web-connected service is safe. If you need more proof of this, consider a recent alleged attack on a porn site that apparently gave a hacker access to more than 237,000 accounts. In the aftermath of the Apple vs. FBI squabble over iPhone encryption, this is a reminder that strong security is needed for connected devices and products.
DON’T MISS: April Fools’ roundup: All the best jokes from around the web
According to Motherboard, an unknown hacker claims to have stolen the login credentials belonging to users of a porn website called Team Skeet, part of the Paper Street Media (PSM) network.
Motherboard was able to verify some of the credentials the hacker offered, but couldn’t confirm whether the hacker indeed had access to that many accounts or whether they were stolen in a recent heist.
“I want to publicly shame them for their poor practices,” the hacker says.
He’s now selling the credentials on the dark web for almost one bitcoin, or around $400 each. The data includes user names and passwords, as well as physical addresses and emails. The hacker told Motherboard he had access to credit card data but did not take it. The credentials, however, supposedly work on 23 online properties belonging to PSM.
Meanwhile, PSM representatives claim that the breach dates back to 2008. Since then, the security of the network was improved, after PSM decided against paying the ransom.
PSM further said that the company doesn’t erase usernames, which explains the number of items in this database. However, as a username expires, it loses access to the sites.
Even so, the hacker proved to Motherboard that he or she could breach the Team Skeet website by briefly defacing it on March 31st. This suggests PSM’s security isn’t as strong as initially believed.
It appears the hackers tried to contact PSM before reaching out to the press by inquiring whether there’s a bug bounty policy in place with the company. But PSM “didn’t seem to care.”