During one of my excursions to the Deepweb (on the Darknet), I discovered a treasure trove of hacked data that appears to be from an adult social networking site. This particular adult site is one of the most heavily-trafficked websites in the world, boasting an Alexa U.S. page rank slightly above 747.
Was this adult site hacked and extorted?
During a fit of rage, a pissed off hacker (going by the handle ROR[RG]) posted 15 downloadable spreadsheets (in zipped file format with credit card data stripped) to a week-old Darknet forum stating that he had rooted the adult site database. Why? Because they owed his guy approximately $248,000 USD. He bragged that the company and law enforcement could not touch him because he was based in Thailand. His ransom demand was set at $100,000 (50G to begin and 50G to end).
If you combine the ransom demand with the amount owed to the hackers buddy — we are looking at approximately $348,000 USD. If the data breach is genuine (and I am sure it is), there is a ton of personally identifiable information (PII) sitting in a forum on the Darknet that has been viewed 1,756 times. It is unknown how many times the breached data files have been downloaded. Though the files were stripped of credit card data, it is still relatively easy to connect the dots and identify thousands upon thousands of users who subscribe to this adult site.
Where is the credit card data?
There was one forum request concerning credit card data — I have not seen the data appear in any of the Darknet marketplaces yet.
What data did the files include?
The files included more then enough data to enable a cyber-criminal to conduct a massive phishing campaign:
Quickly glancing over spreadsheet #11, I’ve located Fakeuser@###.com (not his real user account) and see that he is a 54 year old male from St. John’s, Newfoundland. Next, I Google Mr. Fakeuser and see that he is a married man who is blond, blue-eyed, and buff. He also thinks he is a hot male and he is just looking for fun in the form of a one-night-stand with a swinging couple or partner — he is seeking something somewhat discreet. Aha, mind if I er giggle?
In spreadsheet #1, I found Fakeuser2@###.com (not his real user account) and he is a 62-year-old Hispanic male from North Brunswick, NJ who is an advertiser in real life, and has a preference for the subporno forum. By Googling his handle I was able to associate his real name and to locate the social media pages that he manages.
Also in spreadsheet #1 I located a user who spends a lot of money in the BDSM forum. He is a 40-year-old, white male from a small community in Illinois (population: 4,206), and is self-employed in some type of welding business. He will become anybody’s slave and he also lied about his age on the adult site, and depicts himself as a 29-year-old male. Got a leash?
Hacked and re-hacked!
Cyber-criminals can take the data breach listed above and go well beyond a simple web search. They could target users of the BDSM forum and design an entirely innocuous-looking phishing campaign replete with social engineering tactics. Masters or slaves that frequent these type of forums could become enticed to click on a provocative link and provide more personal information, providing that the email template is custom-tailored to their fetishes.
You can assume that the hacked database is not simply sitting on one forum — it is probably being shared within other Darknet and I2P forums too. With so much data included in the rooted database(s), and even though the majority of email addresses come from free email accounts such as AOL, Gmail, Live, Hotmail, and Yahoo.com — it should be relatively easy to dox a slew of them.
Nobody remains untouched
Unless you grew up in the middle of a corn field in Nebraska or live off the grid — you, or someone you know is a consumer of pornography in one form or another. Visiting illicit forums is risky for those who are well established in their careers and communities. Whether it is your next door neighbor, your boss, your aunt, your friend, or your brother — these risque sites are not always up to par in regards to user privacy and security. Using pseudonymous webmail accounts such as Yahoo and Gmail to sign up at adult sites does not guarantee that anyone’s identity will remain anonymous.
Unreported data breaches
For the most part — companies that choose to not report data breaches tend to get away with it. I have not seen any mention of a data breach at this particular adult site either. I do not know how the company reacted to ROR[RG]’s extortion demand. I also do not know why the company owed the hacker’s buddy $248,000 USD. This entire situation goes beyond nightmarish, but regardless of what is occurring behind the scenes — the failure of the company to protect subscriber privacy is atrocious. They are well aware that users of such illicit forums perhaps have a strong desire to maintain anonymity rather then become an object of ridicule.
What do you think the outcome will be?
So? That information is available?
Yes, it was reposted on the Darknet.
Any link? I been trying to find it. Yes, I interested in checking some profile since the adult site charge too much.
No links to the data here.
curious. why did you focus only on men in you samples?
It was not my intent to focus on men in my sample analysis – though the majority of subscribers are male. I was not looking at “gender” as the baseline criteria to locate the individual(s) in real life.
The reason why they got hacked is posted on the source forum at the following link
http://hell2bjhfxm77htq.onion.city/index.php?topic=644.0
Interesting and thank you for posting – I just published a blog with your submission.
On which forum can we download the spreadsheets?
That would be the hell forum on .onion. ROR{RG] now has the complete db up for sale.
Some awareness.
One site less in this industries
Keep on going!!!
Hmmm, who knows what could happen? (May 22 2015).