Luscious.net, an adult website, has suffered a data breach which has led to the leak of over a million users’ personal information.
Leaky, Unprotected Database Exposed Millions of Luscious.net Users
vpnMentor researchers were the first to report about an exposed database that allowed threat actors to harvest the accounts of Luscious.net users.
Leaked data belonging to 1.195 million users contains usernames, email addresses, activity logs, and location details. The incident was discovered on August 15, and the problem was fixed by Luscious on August 19.
“Luscious is a niche pornographic image site focused primarily on animated, user-uploaded content. Based on the research carried out by our team, the site has over 1 million registered users. Each user has a profile, the details of which could be accessed through our research,” vpnMentor wrote in a report.
Luscious.net data breach compromises the anonymity of its users by potentially allowing hackers to access their personal details. The highly sensitive and private nature of the website’s content makes users incredibly vulnerable to a range of attacks and exploitation by malicious hackers, the researchers pointed out. In other words, owners of breached accounts could start receiving sextortion (blackmail) messages.
For now, there is no confirmed evidence that the exposed data has been stolen but “it was wide open for the taking”. What is worse is that the data was “completely unsecured and unencrypted”, which is a recipe for privacy disasters. But the worst of it all is that users’ video uploads to Luscious.net were also accessed which could enable potential hackers to connect users’ real names to the uploaded image and video content.
The impact of the data breach is enormous and can lead to various implications in both personal and financial aspects.
A greater issue of concern is the fact that many users joined Luscious on official government emails. We found examples of this from users in Brazil, Australia, Italy, Malaysia, and Australia, the researchers said.
If you are among the users whose accounts were breached, change your password immediately. For future reference, if you ever register on an adult or any other website that requires anonymity, always use a disposable email account created for the occasion. And never user your real name.
Milena Dimitrova
An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
Follow Me: