A vulnerability in dated versions of forum software vBulletin has led to 250,000 users of a Dutch sex worker website having their personal information leaked. According to reporting from PCMag UK, an unnamed hacker is selling the data for $300.
Hookers.nl lost email addresses, user names, IP addresses, and scrambled password data belonging to both sex workers and their clients.
Prostitution is legal in The Netherlands, but the information could still be used to blackmail or otherwise threaten the victims.
The site has reported the incident to the police, and claims it will take anyone using the data to court.
The attack took advantage of the same exploit which was used in the recent hack of online forum ‘Flirtsexchat’.
In that instance, Vice reporters were able to confirm that the database corresponded to live user accounts on the forum by attempting to use them at registration.
One individual also contacted the publication and admitted that they had been affected by the leak.
Newer versions of vBulletin have reportedly patched over the vulnerability, but site owners need to update in order to be protected.
Read more here.