“Free porn for life” using stolen TeamSkeet accounts advertised on Dark Web

LAPTOPMAN

Got a spare $400? Need a lifetime’s worth of porn?

Hacker “TheNeoBoss,” at your service!

That’s the name of a Dark Web user who’s claiming to have breached US-based porn market TeamSkeet.com, from which he claims to have ripped off a database with details for 237,000 users, as Motherboard reported.

The data allegedly includes usernames, plain text passwords, email addresses, real names, IP addresses, and physical addresses.

Motherboard says it has seen a list of 8,000 users’ details. The hacker also sent a screenshot showing that he’s in possession of 237,000 account details in total, but Motherboard wasn’t able to verify the larger set.

TheNeoBoss is also selling a database of what he says are 50,000 login credentials for other sites on TeamSkeet’s broader porn network, Paper Street Media (PSM). Other items up for sale: 426,000 lines of failed login attempts, and 468,000 lines of “Members Geo IP data.”

Motherboard reports that he posted an advertisement for all this on the Dream Market Dark Web marketplace.

From his post:

So recently I managed to breach TeamSkeet.com, the giant USA porn network. By purchasing this database, you will basically have free porn accounts for life, or you could sell them [the login details] separately.

Such a deal. Imagine: free porn for life.

Or then again, maybe that $400 – that’s 0.962 bitcoins, to be precise – will go up in a puff of Dark Web e-smoke and buyers will be stuck with a whole lot of stale 2008 breach detritus?

That, at any rate, was what PSM told Motherboard would happen.

From an email sent by CTO Jamal Hussain after the publication sent a sample of the apparent user data – those 8,000 credentials – given it by TheNeoBoss:

This is not a live breach. The data is from a breach that happened in 2008. We were asked for a ransom, didn’t pay it, made security updates and have not had any issues since. There was no credit card info taken and all accounts are no longer valid for our members area.

Yup, that’s right, echoed company lawyer Steven Eisenberg. Anybody who buys those logins will just come away with a fat sack of nothing, he said:

Once a username is created PSM never blocks it out; however, once it expires, the user can no longer access the site.

This would explain your results. … As previously advised, the purported breach occurred approximately eight years ago, nothing ever came of the purported breach and PSM added additional security measures to its site. PSM is not aware of any other such issues.

By referring to “your results,” Eisenberg was talking about how Motherboard managed to use some of the TeamSkeet usernames on other PSM sites.

That includes the sites Exxxtra Small, Teen Pies, Innocent High, Teen Curves, and CFNM Teens – a selection of some of the 23 separate porn sites to be found in the PSM network.

The publication reports that some of the email addresses failed to receive messages when it reached out to account holders.

TheNeoBoss reportedly claimed to have access to some credit card data that he didn’t take.

He’d rather embarrass people than score credit card details, the hacker claimed in an encrypted chat with Motherboard:

I want to publicly shame them for their poor practices.

It’s not clear whether the shaming is directing at the “them” who enjoy adult content or the “them” that are PSM.

But it’s probably safe to assume he was referring to PSM, given that TheNeoBoss claimed to have been met with indifference when he allegedly told the company about the website’s vulnerability.

“[PSM] didn’t seem to care,” he said.

It’s quite the “he said, she said” situation. For what it’s worth, TheNeoBoss claimed to have exploited the data via an SQL injection and that he had other forms of access to the PSM system, which he said the company had started to shut off.

On the other hand, for what it’s worth, Hussain, the company’s CTO, claimed that there have been no recent breaches.

However, Motherboard confirmed the opposite: in fact, the TeamSkeet site was briefly defaced on 31 March.

TheNeoBoss sent Motherboard’s Joseph Cox screenshots of what looked like administrative panels for the porn network, including customer support tickets dated as recently as 31 March.

At any rate, caveat emptor, would-be buyers of porn for life.

And while we’re at it, caveat emptor, porn consumers. Let’s hope this doesn’t turn into some type of extortion situation or embarrassment scenario a la the breach of the Ashley Madison adulterers site.

Image of Man looking at laptop courtesy of Shutterstock.com