The International Business Times in United Kingdom reported that some of the personal details of roughly 180,000 members of an underground pornography community have been leaked online due to a misconfigured database. The group focused on sharing voyeuristic images and so-called "upskirt" pictures of unsuspecting women.
The full trove of leaked personal details contain 178,201 unique email addresses, alongside usernames, hashed passwords, dates of birth, IP addresses and a series of website logs – such as 'join date', 'last post date' and 'reputation' point statistics. There was no financial data included.
The website in question, The Candid Board, is dedicated to images, videos and forum posts about women who appear to be unaware they are being photographed or recorded – in many cases while sunbathing on beaches or socializing in bars.
"We do not want to limit people by a narrow definition of what is and what is not 'candid'. Basically anything un-posed and non-professional is allowed as long as no board rules are broken," the website states in an FAQ. Subscriptions are priced at US$ 19.99 a month.
IBTimes UK obtained the leaked details from a source who wished to remain anonymous. The details from the leaked database, which has now been secured, were reportedly obtained from September 2015. They were being managed by a US-based cloud hosting provider called Webair.
"Rather than try to track down a forum administrator, who probably doesn't want to be tracked down, I decided to contact the hosting company Webair," the IBTimes UK source said. "I made my way through an automated system and pushed the buttons for tech support.
"When I described the issue to the support on the other side, he immediately understood what the problem was. It was almost as if they were aware of the problems in their system. We didn't talk for long. He said he would contact the client and then we hung up."
Upon analysis, there were 19 .gov email addresses with domains including wales.gsi.gov.uk, education.tas.gov.au, bom.gov.au and houstontx.gov. There are also nearly 70 .mil records, the majority of which were us.army.mil (32) and navy.mil (6).
When tested, a number of the IP numbers in the leak appeared to match their corresponding email address. In one example, an IP search for the person using the email "wales.gsi.gov.uk" brought up the result: http://host246.welsh-ofce.gov.uk.
The full trove of leaked personal details contain 178,201 unique email addresses, alongside usernames, hashed passwords, dates of birth, IP addresses and a series of website logs – such as 'join date', 'last post date' and 'reputation' point statistics. There was no financial data included.
The website in question, The Candid Board, is dedicated to images, videos and forum posts about women who appear to be unaware they are being photographed or recorded – in many cases while sunbathing on beaches or socializing in bars.
"We do not want to limit people by a narrow definition of what is and what is not 'candid'. Basically anything un-posed and non-professional is allowed as long as no board rules are broken," the website states in an FAQ. Subscriptions are priced at US$ 19.99 a month.
IBTimes UK obtained the leaked details from a source who wished to remain anonymous. The details from the leaked database, which has now been secured, were reportedly obtained from September 2015. They were being managed by a US-based cloud hosting provider called Webair.
"Rather than try to track down a forum administrator, who probably doesn't want to be tracked down, I decided to contact the hosting company Webair," the IBTimes UK source said. "I made my way through an automated system and pushed the buttons for tech support.
"When I described the issue to the support on the other side, he immediately understood what the problem was. It was almost as if they were aware of the problems in their system. We didn't talk for long. He said he would contact the client and then we hung up."
Upon analysis, there were 19 .gov email addresses with domains including wales.gsi.gov.uk, education.tas.gov.au, bom.gov.au and houstontx.gov. There are also nearly 70 .mil records, the majority of which were us.army.mil (32) and navy.mil (6).
When tested, a number of the IP numbers in the leak appeared to match their corresponding email address. In one example, an IP search for the person using the email "wales.gsi.gov.uk" brought up the result: http://host246.welsh-ofce.gov.uk.
No comments:
Post a Comment