Over 380,000 user accounts of adult video website xHamster have recently been leaked online to notification site LeakBase, in a report by Motherboard.
The breach put personal information of its clients like usernames, email addresses, and passwords out in the public. Moreover, the database includes 40 email addresses belonging to the US Army, and 30 that are from government bodies in the US, UK, and other countries.
According to LeakBase, the accounts were being traded at the same time that a hacker found a vulnerability on the website earlier this year, but it is not exactly clear how the database was obtained.
An xHamster spokesperson provided the following statements to Motherboard regarding the security breach. It states:
“The passwords of all xHamster users are properly encrypted, so it is almost impossible to hack them. Thus, all the passwords are safe and the users data secured.”
However, it was found that the hashes in the database can easily be cracked, having used an old encryption algorithm, which was also reportedly the one used with infidelity website Ashley Madison which was also hacked a year ago. “The fact they think the hashes are secure is a blatant example of the faulty security placed in companies even to this day," stated a LeakBase representative.
Just about three months ago, another pornographic website, Brazzers, had 800,000 user accounts brought out to the public, potentially leaking not only usernames and passwords, but also private thoughts of its members.
Should you feel the need to check if any of your accounts have been compromised, you can check Have I Been Pwned? and see if your details are included in the leak.
Source: Motherboard via The Next Web