MindGeek/List of MindGeek data breaches

< MindGeek(Redirected from List of MindGeek data breaches)

Several pornographic labels under MindGeek suffered data breaches in the recent years.

2012 - 1 million YouPorn users exposed

The email addresses and passwords of more than a million users of the YouPorn[1] sex chat site were exposed in February 2012 following a coding error that went undetected for years.[2]

YouPorn was not hacked but sign-up information on a public facing web server was left unencrypted.

The affected site - chat.youporn.com - was taken down on Tuesday, 21 February.

2015 - RedTube hit with mass malware-serving campaign

RedTube became the second major adult site[3] to be hit with a massive malware-serving campaign in February 2015.

the attack on site visitors uses the source code of RedTube’s main page. The source code was modified to include a hidden piece of redirection code. That in turn leads to the kit which exploits the user’s browser and will attempt to drop malware.

2015 - Series of malware advertising attacks hit Pornhub and YouPorn

Several malwaretising attacks[4] against many top adult sites resulted in attacks on YouPorn and Pornhub in September 2015. The malvertising on Pornhub and YouPorn did not last as long.

2016 - Brazzers leaks account details for 800,000 (paid!) users

"Almost 800,000 account holders on porn site Brazzers have had their details breached thanks to a vulnerability in the vBulletin forum software, potentially exposing some to online extortion attempts."[5]

The data breach was reported on in September 2016[6]. It appears to have come from a cyber-attack launched back in 2013.

2017 - Year-long malvertising campaign against Pornhub

Security company Proofpoint reported that a hacking group called KovCoreG group placed its malvertising badness on Pornhub[7] that could have put millions of users at risk.

Proofpoint said that the attack was active for more than a year.

"This attack chain exposed millions of potential victims in the US, Canada, the UK, and Australia, leveraging slight variations on a fake browser update scheme that worked on all three major Windows web browsers. "

References

  1. YouPorn users exposed in 2012
  2. The data from this leak has been imported into Troy Hunt's "Have I Been Pwned?" tool. When an email address is searched on the site, it will indicate whether the address in question was part of this data breach.
  3. RedTubehit by a malware campaign in 2015
  4. Malwaretising attacks on Pornhub and YouPorn in 2015
  5. Also available in the "Have I Been Pwned?" database.
  6. Data Breach on Brazzers in 2016
  7. Malwaretising attack on Pornhub in 2017