Adult website breach exposes 1.2m users… and we’re not just talking about data

A database containing the personal information of visitors to adult websites has been breached, leaving 1.2 million unique email addresses, as well as usernames and encrypted passwords.

Frequenters of the site Wife Lovers, along with seven others that relied on the database, have had their information stolen. That could put the private messages and images posted by users at risk.

As well as the personal information, the IP address was used to register on the sites in question was also stolen; which also could be used to easily identify the users in question, and also those who may not know the content had been posted.

As well as the Wife Lovers site, which is apparently used for the sharing of wife-centric erotic content, the other sides that relied on the 98MB database are: asiansex4u.com, bbwsex4u.com, indiansex4u.com, nudeafrica.com, nudelatins.com, nudemen.com. wifeposter.com.

The sites are all owned by one person, Robert Angelini, who Ars Technica (via Sophos) contacted earlier this week. He had some bad news for those compromised as a result of a hack.

Related: Best VPN

He says: “When you post on the message board your email address and posting ID is already shown in your post. Thus, if someone is able to “crack the code” of the encrypted posting password they might be able to log into other websites that you use the same password associated with that posting ID or email address on our website.”

Worse still the encryption tech used to protect the passwords is decades old and practically “worthless.” The 1979-era tech took one experts just seven minutes to crack.

Also problematic, is the issue of consent. It’s not clear whether all of the images posted to the site were with the consent of the people depicted.

“This incident is a huge privacy violation, and it could be devastating for people like this guy if he’s outed (or, I assume, if his wife finds out),” says Troy Hunt, the operator of the Have I Been Pwned site.

The owner of Wife Lovers and the other sites in question says the 1.2 million account details far overstates the number of users registered to the site.

The incident has shades of the Ashley Madison breach back in 2015, which saw 36 million users’ data dumped online.

Are the owners of adult sites doing enough to protect the privacy of users? Drop us a line @TrustedReviews on Twitter.