Serviceteam IT Security News

A website that shares adult content has caused blushes of a different kind by leaking the private data of 1.195 million global users. 

An authentication failure on the website Luscious.net allowed unrestricted access to a database containing user names, locations, genders, personal email addresses and even some full names. Also available were activity logs detailing what users had liked, uploaded, commented on and shared. 

Users of the website, which specializes in computer-generated pornographic animations and graphics, were left vulnerable to bullying, harassment, phishing and the threat of blackmail. It is estimated that around 20% of the user accounts were set up with fake email addresses, meaning roughly 800,000 genuine email accounts were placed at risk. 

The data leak was uncovered on August 15 by a vpnMentor research team led by cybersecurity professionals Noam Rotem and Ran Locar. The team was able to access detailed information regarding user activity on the site, including image uploads and blog posts. 

A spokesperson for vpnMentor said: “Some of these blog posts were extremely personal – including depressive or otherwise vulnerable content – and kept anonymous. Due to this data breach, however, the blog posts are no longer anonymous, with many of the authors’ identities revealed.”

After being informed of the breach, it took the operators of Luscious.net just four days to fix the security hole. It’s unknown how long the private user data may have laid exposed before the leak was caught.

A number of users in Brazil, Australia, Italy, Malaysia and Australia had signed up to Luscious using official government email addresses. Though this may come as a surprise to some people, Ed Macnair, CEO of Censornet, isn’t one of them. 

Macnair said: “It sounds unlikely that people would use their professional email addresses for personal services, but in a survey we ran last year, 10% of respondents admitted to visiting adult websites from a work device or using the work internet connection.”

Commenting on the Luscious data leak, he said: “This is hugely concerning as it risks exposing an entire organisation to an attack. It is therefore vital that organizations – government or otherwise – put strict measures on internet activity at work and discourage the use of work email addresses for personal services.” 

Luscious users are advised to change their username and other account details to remain safe.

Source: Infosecurity Magazine

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!