November 4, 2019 (updated 19 Apr 2023 4:02pm)

Cam Girls, Punters Exposed After Pornography Database Left Wide Open

"The database in this case was an ElasticSearch database cluster"

By CBR Staff Writer

The personal data of millions of pornography viewers – including many IP addresses, usernames and plaintext passwords – was left exposed for weeks by a Barcelona-based company after it left a database cluster wide open.

Researchers at security firm Condition:Black discovered the database cluster, which contained months' worth of daily logs and account information of “camgirls” featuring on the websites, along with which videos users were watching.

As first reported by TechCrunch’s Zack Whittaker, the databases contained logs for Barcelona-based VTS Media, including amateur.tv — the 129th most visited website in Spain, according to Alexa traffic rankings.

Camgirl Database Included “Detailed Records” 

Whittaker notes: “The logs included detailed records of when users logged in — including usernames and sometimes their user-agents and IP addresses, which can be used to identify users. The logs also included users’ private chat messages with other users, as well as promotional emails they were receiving from the various sites. The logs even included failed login attempts, storing usernames and passwords in plaintext. We did not test the credentials as doing so would be unlawful.”

John Wethington, founder of Condition:Black, told Computer Business Review in a Twitter DM: “The database in this case was an ElasticSearch database cluster (3 systems)… We see all kinds [of exposed databases] with varying levels of security controls. The ones most often left insecure are MongoDB, ElasticSearch and Data “Buckets” like AWS S3. These typically have little to no actual security setup and can be accessed with a browser.”

VTS Media did not respond to a request for comment.

Charlotte, NC-based Condition:Black offers pen testing, SOC design and consulting and other services. It runs an “internet freedom and human rights through technology programme” with a global network of volunteers.


There are now an eye-watering 2.3 billion files exposed online, owing to such misconfiguration of commonly used file storage technologies, according to digital risk specialist Digital Shadows. That includes 98 million in the UK alone.

Read this: Colossal 2.3 Billion Files Now Exposed Online
