MindGeek/List of MindGeek data breaches

Several pornographic labels under MindGeek suffered data breaches in the recent years.

2012 - 1 million YouPorn users exposed

The email addresses and passwords of more than a million users of the YouPorn^[1] sex chat site were exposed in February 2012 following a coding error that went undetected for years.^[2]

YouPorn was not hacked but sign-up information on a public facing web server was left unencrypted.

The affected site - chat.youporn.com - was taken down on Tuesday, 21 February.

2015 - RedTube hit with mass malware-serving campaign

RedTube became the second major adult site^[3] to be hit with a massive malware-serving campaign in February 2015.

the attack on site visitors uses the source code of RedTube’s main page. The source code was modified to include a hidden piece of redirection code. That in turn leads to the kit which exploits the user’s browser and will attempt to drop malware.

2015 - Series of malware advertising attacks hit Pornhub and YouPorn

Several malwaretising attacks^[4] against many top adult sites resulted in attacks on YouPorn and Pornhub in September 2015. The malvertising on Pornhub and YouPorn did not last as long.

2016 - Brazzers leaks account details for 800,000 (paid!) users

"Almost 800,000 account holders on porn site Brazzers have had their details breached thanks to a vulnerability in the vBulletin forum software, potentially exposing some to online extortion attempts."^[5]

The data breach was reported on in September 2016^[6]. It appears to have come from a cyber-attack launched back in 2013.

2017 - Year-long malvertising campaign against Pornhub

Security company Proofpoint reported that a hacking group called KovCoreG group placed its malvertising badness on Pornhub^[7] that could have put millions of users at risk.

Proofpoint said that the attack was active for more than a year.

"This attack chain exposed millions of potential victims in the US, Canada, the UK, and Australia, leveraging slight variations on a fake browser update scheme that worked on all three major Windows web browsers. "

References

↑ YouPorn users exposed in 2012
↑ The data from this leak has been imported into Troy Hunt's "Have I Been Pwned?" tool. When an email address is searched on the site, it will indicate whether the address in question was part of this data breach.
↑ RedTubehit by a malware campaign in 2015
↑ Malwaretising attacks on Pornhub and YouPorn in 2015
↑ Also available in the "Have I Been Pwned?" database.
↑ Data Breach on Brazzers in 2016
↑ Malwaretising attack on Pornhub in 2017

[1] YouPorn users exposed in 2012

[2] The data from this leak has been imported into Troy Hunt's "Have I Been Pwned?" tool. When an email address is searched on the site, it will indicate whether the address in question was part of this data breach.

[3] RedTubehit by a malware campaign in 2015

[4] Malwaretising attacks on Pornhub and YouPorn in 2015

[5] Also available in the "Have I Been Pwned?" database.

[6] Data Breach on Brazzers in 2016

[7] Malwaretising attack on Pornhub in 2017

[1]

[2]

[3]

[4]

[5]

[6]

[7]