Team members of a blog about VPN providers have discovered that numerous data and profile histories of over 1 million users of the porn site Luscious.net were accessible to hackers. The data could be used to partially identify and blackmail users.
A VPNmentor research team has published an article warning of a huge data leak on the porn site Luscious.net. Millions of user data could be collected by hackers and misused for criminal purposes.
The VPNmentor team was led by the authors Noam Rotem and Ran Locar. In their report, it says: »Luscious is a niche pornographic image site focused primarily on animated, user-uploaded content. Based on the research carried out by our team, the site has over 1 million registered users. Each user has a profile, the details of which could be accessed through our research. Private profiles allow users to upload, share, comment on and discuss content on Luscious. All of this is understandably done while keeping their identity hidden behind usernames.«
Some e-mail accounts with real names
On Luscious, users could post, discuss and share images in a pseudonym-protected environment. By exploiting a security vulnerability, the research team was now able to link the user profiles with the corresponding e-mail addresses as well as with the activity histories on the website. This raised the opportunity to extort users with their online activities. According to VPNmentor, numerous users used e-mail accounts with real names, and the data included the entire behavior on the website, i.e. uploading content, liking and commenting, as well as friendships and following among the users.
Risk of blackmail attempts by hackers
VPNmentor writes: »The highly sensitive and private nature of Luscious’ content makes users incredibly vulnerable to a range of attacks and exploitation by malicious hackers. While the data breach is now closed, it’s still possible that other hackers could have accessed it earlier and extracted the same data we viewed.«
Luscious.net users come from all over the world, sometimes they live in countries where pornography is forbidden by law. Among the email addresses that were visible to VPNmentor were also addresses that belong to government agencies.
The report warns urgently: »The impact of this data breach on users could be devastating, personally and financially. Activity on adult sites like Luscious is the most private in nature, and nobody ever expects it to be revealed. Its exposure could be ruinous for a victim’s relationships and personal lives.«
VPNmentor promotes VPN services
The full report on the data gap at Luscious can be found here. The website also compares different VPN providers that promise greater security for Internet users. It can be assumed that the VPNmentor profits from the brokerage of VPN customers. Therefore, the fear fuelled by the detected data gap is naturally in the business interest of the blog.