800,000 Accounts From Porn Website Brazzer Exposed

Computer hacks have become the norm in today’s internet. The huge amount of unsecured servers, misconfigurations, and exploits makes hacking an everyday occurrence. 

Today’s victim was Brazzer, the pornographic production company, based in Montreal, Canada. The company confirmed the breach yesterday, explaining that the hack was performed over Brazzersforum –which is run by a third-party under the vBulletin forum framework–. Nevertheless, some users who didn’t have a forum account saw their data leaked on the Internet.

The origins of the hack dates back to 2012, exactly 790,724 email addresses with their associated plain-text passwords, and usernames were stolen. Matt Stevens, PR manager from Brazzer told Motherboard:

This matches an incident which occurred in 2012 with our ‘Brazzersforum,’ which was managed by a third party. The incident occurred because of a vulnerability in the said third party software, the ‘vBulletin’ software, and not Brazzers itself.

However, Stevens admitted that, although the hack was performed in a separate third-party service, normal user accounts of the main website got compromised:

That being said, users’ accounts were shared between Brazzers and the ‘Brazzersforum’ which was created for user convenience. That resulted in a small portion of our user accounts being exposed and we took corrective measures in the days following this incident to protect our users

The Brazzer forums show –at the time of press– a maintenance sign, with no statements on when it will (or if) resume operations.

This hack puts again the forum service framework vBulletin in the spotlight, the code is used in thousands of public and private forums all over the internet, its popularity and lack of proper security maintenance –the pace at which the updates are rolled out pale in comparison with the number of vulnerabilities discovered– makes it easy for malicious crackers to steal valuable information.

As always we recommend our readers to be very cautious with their online identity, in this case, the best course of action is to never reuse passwords, and to keep separate login credentials on all your online services. Consider using a password manager to better secure your information.