A hacker, identified as a 17-year-old based in Morocco, claims to have stolen the personal information of 350,000 users from hardcore porn mavens Brazzers.
The point, claims the hacker, was to highlight a security vulnerability on the adult site.
According to reports, the teen uploaded a small sample of the stolen data to the internet, displaying customer emails, usernames and passwords, presumably to offer up proof that he was behind the breach.
Karen Miller, spokesperson for Brazzers’ parent company Manwin Holding, reportedly said that the hacker accessed their websites via an old user forum. Investigations were ongoing.
Ms Miller also explained Manwin and Brazzers were contacting everyone who was potentially affected by the breach but underlined that no credit card information was stolen.
The Associated Press writes that this is a “potential embarrassment for Luxembourg-based Manwin, which runs some of the world’s best-known pornography websites.”
It is all very well to worry about the porn company’s reputation, but what about the customers?! How do they feel knowing that their info, including names and emails, is either available for anyone to see, or at risk of being posted at the hacker’s whim?
The thing that gets me here is that if the hacker was genuinely concerned about the vulnerability on the site, why didn’t he follow more responsible disclosure practices?
For instance, he could have called Brazzers, explained the situation and given them an agreed amount of time to fix the problem. Granted though, this wouldn’t have gotten the headlines.
Another approach would have been to contact a single journalist and show him/her the vulnerability in action. This would have protected the site’s customers much better and alerted us all once again to the vulnerabilities that exist on the web.
But there is a take-away for us all here – individuals and companies alike: Good housekeeping matters. Make sure to close down accounts and websites you no longer use. Leaving them unpatched, vulnerable and connected is just trouble waiting to happen.
Image courtesy of Shutterstock
The hacker is a kid. He has a childish mentality and wants to make a 'name' for himself. You are right with the responsible route, but with a childish individual of any age, that's not what's going to happen.
I was expecting him to say that this is what one gets for visiting porn sites. Those sites do tend to be filled with viruses and malware. I've mistyped urls and hit porn sites that tried to download exe files in the background. Thankfully I'm on a Mac and the browser I was using alerted me to the download going on.
It would have been hilarious if the kid had posted all the names of the perverts in the list.
George Orwell said 'Big brother is watching'. So what? Everyone is!
Just because someone has a membership there, doesn't make him a pervert.
But how would he identify which ones were perverts? Or are you suggesting that they're all perverts for looking at porn?
"It is all very well to worry about the porn company's reputation"
Am I the only one rolling on the floor laughing at this? I did not know you could hurt a porn company's reputation.
I doubt *very* much that you are alone on this one Machin…
He's not alone. Since when do porn companies have a reputation? More crap is their reputation / people working for them more success they get "in their world"
Umm . . . I think that's the point the author was making. Was it perhaps too subtle?
A small small?
Good spot. Fixed.
I think you mean "well spotted". "good spot" is something you say to a dog.
Promoting responsible hacker culture is difficult with this current fad of "doing it for the lulz".
This article makes me laugh… wishing that the hacker would have handled the situation better… wishing he had been a bit more responsible and cared about divulging people's information… but ultimately forgetting that we're talking about a 17 YEAR OLD here!! hahaha! 17!!! Responsibility isn't usually part of a 17 year old's vocabulary, especially one who is a hacker and who is trying to prove to himself and to others that he was able to do what many can't… at the age of 17!!
As difficult as it is to avoid innuendo… An online pornography business should be serious about protecting its customers' privates.
If the hacker community was firm in only lauding hackers that did the right thing then the 17 year old would have done something more responsible. As it is, the commonly accepted thing to do is to hack something then put some proof on pastebin or somewhere and gloat.
I am not saying that the hacker community is entirely at fault here either, companies shooting the messenger with legal action don't help either. As it is, being 17, he has no legal right to view the material on the site, and sending an email with "I am a juvenile who has been penetration testing your servers and I found a vulnerability" isn't going to earn a kind response.
Maybe we should all just out ourselves as porn aficionados, list our favorite perv sites, steal the thunder from sweaty 17-year-olds, and take a day off to devote to drooling over our friends' and colleagues' viewing habits. Or maybe somebody should start a site like GoodReads, where we can see what our friends are up to.
GoodSmut? GoodGracious?!
GoodThingMyMotherDoesn'tUseTheInternet.
Ethical hacking is important to a civil society.
The publication of the names of significant public officials or politicians who use these sites is essential. The public/private life balance is important, but if we are shown smiling politicians patting children on the head, are we not entitled also to know what they like in the way of acts that may well be illegal in their own country?
The 17 year old after all did not attempt to Blackmail anybody for an example system passwords, so I think his attitude was quite responsible.
"A hacker, identified as a 17-year-old…."
Presumably the porn company thought that an entry page with the words "Are you over 18? YES / NO" was enough to keep out 17 year old hackers…