Any service or platform on the Internet is not only exposed to hacker attacks, but can also fall victim to mistakes of people who should ensure their integrity. According to information security experts, some camgirls sites in Spain exposed information from both sex workers and users, after the company in charge of these sites left the back-end database unprotected.
Among the exposed websites are some relatively popular, such as webcampornoxxx[.]net, placercams[.]com and amateur[.]tv, which is in fact one of the most popular adult sites in Spain. Although most users of these sites reside in that country, there are also many in other countries in Europe, as well as in the US.
Apparently the database remained exposed for weeks until its detection. According to information security experts, the compromised information includes detailed logs related to logins, such as usernames and IP addresses. Some private messages and emails sent by the platforms to users, as well as content preferences, were also exposed. It is important to note that none of the exposed logs were protected with encryption.
Access to the database was finally closed last week, after exposing relevant details about the millions of users of these platforms and about the ‘camgirls’. The report on this flaw was made by John Wethington, information security specialist at Condition:Black. “This is a severe flaw from the technical and security policy compliance approach,” the expert said. For Wethington, this must have been a really revealing incident for users, who surely ignored that these web pages stored such detailed records.
These kinds of incidents remain incredibly common, with dating services being one of the most data exposure responsible platforms. One of the best known cases is that of 3Fun, a group dating service that exposed the information of more than a million users due to an internal IT error.
Due to the information that safeguards such sites, a data exposure could bring serious personal consequences for affected users, as was the case with the data breach on the sexual encounters site Ashley Madison, which caused hundreds of divorce claims, and even some suicides among users.
The company began receiving requests for information almost immediately after the incident was revealed. In this regard, Hector Ros Oliver, spokesman for VTS Media, made some statements, where he mainly denied many of the versions on the incident. However, the investigation is still pending and, because the company (and its servers) resides in Europe, this fact must be investigated under the parameters of the European Union’s General Data Protection Regulation (GDPR). As previously reported by information security specialists at the International Institute of Cyber Security (IICS), a company could be fined up to 4% of its annual revenue if it’s found guilty on data protection violations.