PussyCash adult webcam data breach exposes highly sensitive data of models

Graham Cluley

PussyCash adult webcam data breach exposes personal data of models

PussyCash adult webcam data breach exposes personal data of models

Thousands of adult webcam models have had their intimate details exposed online after a data breach involving the live webcam porn network, PussyCash.

Those who know about such things say that PussyCash “hosts affiliation programs for multiple adult sites, paying webmasters for traffic sent to the sites through banners and exit traffic.”

Sites owned and operated by PussyCash, via its parent company IML SLU, include ImLive, Sexier, Fetish Galaxy, Shemale, Supermen, Forget Vanilla, Whiplr, Phonemates, and others.

Security researchers at VPN Mentor say that they uncovered a leaky Amazon S3 bucket, administered by the explicit webcam network, with 875,000 files accessible to anybody with an internet connection – no password required.

The haul of information exposed included videos, photographs, screenshots of video chats, and other data. In addition, webcam models who signed up for the network had their full name, dates of birth, place of birth, address, citizenship status, nationality, passport details, gender, photograph, signature, parents’ full names, fingerprints, full credit card numbers, credit card expiry dates, body measurements, details of tattoos and piercings, and a score of other personal details exposed through the scanning of passports, credit cards, driving licences, national ID cards, birth certificates, marriage certificates, and model release forms.

Imlive

You may have been expecting to reveal a lot by signing up as an adult webcam model, but I doubt this is quite what you had in mind.

Czech model
Czech model holds two forms of identification.

Bizarrely, the information even includes scans of models’ handwritten biographies, including their favourite food, sexual fantasies, favourite sexual position, hobbies, and so forth.

Webcam biography
Handwritten biography page of a South American model.

Gulp!

Clearly in the wrong hands such sensitive information could be extremely dangerous. There is not only the conventional threat of scams and identity theft, but also blackmail, extortion, stalking, and public humiliation.

And it’s worth bearing in mind that individuals listed in the database may no longer be an active adult webcam model, and could now work in a more conventional profession where disclosure of their past could prove highly embarrassing.

PussyCash is just one of many many sites to have made the mistake of leaving sensitive data exposed on an unsecured server for anybody to access, without seemingly the first thought about proper security.

But that’s no excuse. All businesses, small and large, whether they be accountants or quantity surveyors or those hawking live streams of webcam models, should learn the lesson now to better defend their data and stop it from falling into unauthorised hands.

Learn more about the breach, and the threats facing the models exposed, in this article by the team at VPN Mentor.

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.