Adult cam website ‘Stripchat’ reveals user and model information in data leak

  • An adult cam website has published data on users and models alike through an online database.
  • The leak contained approximately 200 million records with multiple references to Stripchat.
  • The database was indexed in early November and the researchers contacted the website after its discovery.

Researchers discovered a database of around 200 million unprotected online records that contained many references to personal information of users and models, as well as other details from the live sex cam website Stripchat. The bug was discovered in early November and reported to said website via email and Twitter, but the researchers received no response.

Comparitech’s cybersec research team, led by Bob Diachenko, discovered the exposed data set, which could be freely accessed online without a password or other authentication, on November 5th, 2016 and registered in Cyprus, so the database was secured on November 7th.

The information disclosed about the users and models of the site included, among other things, usernames, email addresses, and IPs. The Elasticsearch cluster totaled 200 million records from multiple records, of which approximately 65 million contained all or some of the details listed below.

  • Email-address
  • Username
  • IP address
  • ISP
  • Tip balance
  • Account creation timestamp
  • Last activity timestamp
  • Locked status

Approximately 421,000 records associated with models disclosed some or all of the following information:

  • Username
  • gender
  • Studio ID
  • Live status
  • Tip menus and prices
  • Strip score

The researchers also found a transactional database of 134 million records that contained information about tokens and tips paid by users to models, including private tips, and a moderation database of 719,000 chat messages sent to models, including private and public messages, that were displayed is the user ID of the observer who sent the message.

Needless to say, the information disclosed could result in blackmail, fraud, or harassment if it gets into the hands of hackers. This disclosure is aimed at increasing cybersecurity awareness and reducing harm to end users.


Comments are closed.