Registered users should “rest assured” that none of their data has been exposed, according to a statement released Thursday afternoon by the world's most popular adult Web site YouPorn. There's still no official number on how many people were affected by an information breach that exposed millions of user accounts.
“We’d like to stress again, none of YouPorn’s more than 4.75 Million user accounts were compromised,” said Brad Black, YouPorn’s vice president of operations. Black blamed poor security practices of a third party service provider for the breach and the media for exaggerating the number of users affected.
A thread on Flashback.org, Sweden’s largest Web forum, revealed that data for registered users of YouPorn's chat client was openly accessible until the server was taken offline on Tuesday, according to a blog entry by Anders Nilsson, a security specialist at the Scandinavian firm Eurosecure. The information contained e-mail addresses and passwords for more than one million users.
YouPorn is one of the most visited Web sites in the world. In its heyday, the site was pulling 15 million news users every month, according to a 2007 report from the Guardian. Black, in a statement (NSFW) released Thursday, says the site has 4.7 million users and that “the number of unique users affected was several thousand, not millions.”
Despite password safety rules, “a surprisingly large portion of Internet users use the same passwords for many of the services they use on the Internet, whether it is e-mail accounts, Facebook, PayPal, or other services,” Nilsson wrote.
Hackers had already started checking passwords against e-mail addresses and posting “intimate pictures” retrieved from e-mail accounts, he wrote in the blog. Once hackers get into a person’s e-mail account, they can secure even more information to launch phishing attacks or fraud operations.
Said Nilsson, “For a security professional it is baffling how coders working on a website with such sensitive content can make mistakes of this magnitude. Allegedly hundreds of megabytes of data has been secured by people with unknown goals.”