Nowadays, the maximum number of users is affected with massive data breaches, whether due to deep-seated cyberattacks or due to the simple lack of interest in the most necessary security measures.
According to a security investigation that is performed by the security research team at SafetyDetectives, led by Anurag Sen, has discovered that CAM4.com has compromised the privacy of its users.
In this data breach over 7 terabytes of data including names, sexual orientations, payment records, chat transcripts, and much more, leaving a total of 10.88 billion records exposed.
It’s a big disaster that has exposed the privacy of millions of users. According to the reports of the security site Safety Detectives, they have discovered that CAM4 had misconfigured an ElasticSearch production database so that it could easily find personally identifiable information (PII) as well as corporate details or spam detection records as well.
Here’s what the head security researcher of SafetyDetectives, Anurag Sen stated, “We easily found this Elastic Search database that was not password protected and was referenced on the public search engine Shodan. That’s why anyone could easily access it with the correct IP address, and hackers are specialized in this kind of research.”
Who is CAM4?
The CAM4.com is a popular adult streaming website, which belongs to Granity Entertainment that is based on Ireland. CAM4.com offers explicit content that is mainly intended only for adults.
In CAM4.com users or customers can purchase virtual tokens that can be used to tip the webcam performers or even watch private shows as well. Moreover, CAM4 has already paid out more than the US $100 million as commissions since its establishment to all its performers.
What was leaked?
Apart from all these things, the head security researcher Anurag Sen at Safety Detectives has made it obvious that “leaving a production server publicly exposed without a password is really dangerous for both users and companies.”
But, it is important to highlight that there is no clear evidence was found that CAM4 has been affected by a computer attack, as there might be some cybercriminals who are behind this data breach. The lack of evidence does not eliminate the possibility that this may have been the reason.
This massive data breach has exposed millions of PII entries that were available for public view without any sufficient security measures:-
- First and last names.
- Email addresses.
- Country of origin.
- Sign-up dates.
- Gender preference and sexual orientation.
- Device information.
- Miscellaneous user details such as spoken language.
- Payments logs, including credit card type, the amount paid, and applicable currency.
- User conversations.
- Transcripts of email correspondence.
- Inter-user conversations.
- Chat transcripts between users and CAM4.
- Token information.
- Password hashes.
- IP addresses.
- Fraud detection logs.
- Spam detection logs.
The real problem of CAM4 is the list of data breached and exposed. As the experts who have identified the issue have found the data from March this year, and the nature of this data is especially sensitive. As the email count has exceeded several million counts, and the exact number could not be correctly calculated because of multiple entries.
A large volume of emails was sourced from the major email providers like gmail.com, iCloud.com, and hotmail.com. In this leaked data, more than 11 million email addresses are their, 26.39 million had password hashes for both CAM4 users and website systems.
6.5 million bits of data were found on the server that belongs to the internet users resident in the USA. Thus, the US is the first country most affected by this security breach, while in the second position comes Brazil with 5.3 million, in the third position comes Italy with 4.8 million.
The security firm, SafetyDetectives, is concerned that this information, potentially recovered by hackers and sold on the dark web, and not only that even it could also allow the crooks to blackmail internet users as well.
Measures to stop Data Exposure
In case you have been a user of the web, we recommend you unsubscribe from the site or, failing that, unlink your email from the porn website. Now to remain secure, and prevent your personal information from being exposed in a data leak simply you should follow the recommendations that we have mentioned below:-
- Always be cautious before giving your information.
- Always check the website that you are visiting is secure or not.
- Always create and use strong passwords.
- Do not click any unknown links in emails.
- Activate or use Two-factor authentication.
- Avoid using credit and debit card information.