An online forum titled ‘Flirtsexchat’, where community members discuss highly sensitive topics such as fetishes and sexual fantasies, suffered a loss of user data in a September hack.
Some consumers used the website to meet up with others who shared their interests.
According to reporting from Vice, the personal information included “email addresses, usernames, IP addresses, and hashed passwords”. It is now being traded “among low level hackers and data collectors”.
The publication attempted to reach out to several people involved in the hack as victims, and one responded confirming that their data had been compromised.
Reporters were also able to verify that the leaked emails matched existing user accounts on the site by trying to use them at registration.
The hack was likely possible because of a vulnerability in vBulletin forum software.
Vice reporter Joseph Cox writes: “Even if you sign up to a sensitive website with a non-identifying username, if hackers target that site, it could expose the email address or other information you used to make an account.
“With that in mind, it may be worth using different email addresses for different purposes. That way, when a site is hacked and its data stolen, there can be a lower chance of the account being linked back to you.”
Last month, 72,000 users on Turkish dating app Heyyo had their private information leaked. According to security expert Robert Ramsden Board, the platform’s servers were “without authentication or a password”.
Read more here.