The identities of users of a popular adult website have been exposed after the site’s “sloppy practices”. The incident left email addresses, passwords and birth dates vulnerable on a public-facing server, according to internet security firm Sophos.
YouPorn, one of the top 100 sites of any kind in the world, has been storing user data on publicly accessible servers since 2007, Sophos said. The culprit server is now shut down, but some of the data has been published elsewhere, leaving adult site users embarrassed.
This may mean a lot of trouble for those who use only one password for different websites. The information that is now publicly available online gives hackers what they need to gain access to the users’ other accounts such as Amazon, PayPal, or Facebook.
“If you’re still using the same password on multiple sites, this rather embarrassing lesson should act as a warning,” said Graham Cluley, senior technology consultant at Sophos. “When users sign up for an online account, they have very little guarantee about the protection of their account information. It’s therefore essential that users use different, hard-to-guess passwords for every online account so that if their details are published online, hackers can’t use them to access other sites where they may be able to cause considerable financial damage.”
Watch Cluley’s simple tips on how to choose strong passwords:
Embarrassment alone is not the biggest misery of watching adult films. Mr. Cluley says “spouses or employers finding out that people have accounts for this adult site could be the least of users’ worries. If you have an account and you know that your password is now known, change it now!”
The adult website downplayed the importance of the breach. “Contrary to some reports, YouPorn.com has not suffered a breach of security. YouPorn.com users can rest assured, no data has been exposed,” read a blog on the site.
“The real focus of the recent news is YP Chat, an entirely separate service that was linked to from YouPorn.com. The chat service is owned and operated by a third party and is in no way associated with YouPorn.com. YP Chat is hosted on separate non-YouPorn servers and a security issue on said servers in no way creates a gateway to YouPorn.com’s secure data.”
In a poll of 676 computer users in March 2009, Sophos found that 33% used the same password all the time, 48% used a few different ones and only 19% never used the same passwords for different websites.
Contact the reporter of this story at firstname.lastname@example.org
Also read – e-business: your privacy on the line-
Also read – Our private lives on the web