CAM4: Data of more than 4 million French people leaked by a porn site

Best known for webcam streaming and free sex chats, the pornographic site CAM4 was recently the victim of a significant data leak. The personal data of no less than 4 million French people is now out in the wild…

This is not an isolated case: many websites have been victims of a data leak at one time or another. When it comes to pornography, however, a leak is bound to be embarrassing for some. In the CAM4 data leak, Security Detectives researchers have so far discovered the equivalent of 7 TB of data including, among other things, the personal data of millions of users.

The number of visitors to CAM4 is colossal: no less than 2 billion visitors flock there every year. CAM4 allows users to view virtual shows, run from start to finish and organized by the hostesses themselves. Every day, no less than 76,000 shows are broadcast live, representing a total of no less than one million hours of streaming per week. Figures that make you dizzy!

The data contained in this huge leak includes, among other things, the name, email address, country, date of registration, information including the person’s sexual preferences, IP address and even the type of device used. The passwords also appear but in a so-called hashed format, that is to say encrypted. Computer security specialists who had access to this data leak affirm that it is possible to consult users' private conversations as well as purchases made on the site and the means of payment.

In total, no less than 11 million CAM4 users have seen their personal data escape into the wild, which is moreover very embarrassing from an ethical point of view. This leak included 6.5 million Americans, 5.3 million Brazilians, nearly 5 million Italians but also 4.1 million French and no less than 3 million Germans.

CAM4: A poorly configured ElasticSearch was the cause of this colossal data leak

The CAM4 data was distributed over a cluster holding nearly 11 billion records in total. The problem is that one of the site's production databases was accessible to the public on the internet.

The cause was quickly found: it was simply a configuration error on an ElasticSearch cluster. Although ElasticSearch comes equipped with Elastic Stack security features (freely downloadable since May 2019), IT security specialists continue to find many ElasticSearch servers poorly configured and/or poorly secured.

A common mistake found in many ElasticSearch-related data leaks is leaving the servers reachable from the internet. It is imperative that they be accessible only via the intranet. To achieve this and properly secure the clusters, password control, roles and IP filtering by a firewall must be implemented.
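As an added illustration (not from the original article or from Elastic), the following Python script audits an `elasticsearch.yml` for the three controls named above: intranet-only binding, password and role enforcement, and IP filtering. Both sample configurations are constructed, the flat `key: value` layout is assumed, and Elasticsearch's own IP filter settings are checked because a firewall rule is not visible in this file.

```python
import ipaddress

# Constructed sample configs; the article does not give CAM4's real settings.
EXPOSED = """\
cluster.name: demo
network.host: 0.0.0.0
xpack.security.enabled: false
"""
HARDENED = """\
cluster.name: demo
network.host: 10.0.12.5          # private intranet address
xpack.security.enabled: true     # passwords and roles enforced
xpack.security.http.filter.allow: 10.0.12.0/24
xpack.security.http.filter.deny: _all
"""

def parse_flat(text):
    """Parse flat 'dotted.key: value' lines (assumes no nested YAML)."""
    cfg = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" in line:
            key, value = line.split(":", 1)
            cfg[key.strip()] = value.strip()
    return cfg

def audit(text):
    """Return one finding per missing control: exposure, auth, IP filter."""
    cfg, findings = parse_flat(text), []
    host = cfg.get("network.host", "_local_")  # default binding is loopback
    try:
        addr = ipaddress.ip_address(host)
        exposed = addr.is_unspecified or addr.is_global
    except ValueError:
        exposed = host == "_global_"  # hostnames cannot be judged offline
    if exposed:
        findings.append("network.host binds beyond the intranet: " + host)
    # Treated as off unless explicitly true (security was off by default before 8.0).
    if cfg.get("xpack.security.enabled", "false").lower() != "true":
        findings.append("xpack.security.enabled is not true: no passwords or roles")
    if "xpack.security.http.filter.deny" not in cfg:
        findings.append("no xpack.security.http.filter.deny: HTTP open to any source IP")
    return findings

if __name__ == "__main__":
    for name, sample in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, audit(sample) or "no findings")
```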

It was after Security Detectives researchers warned CAM4’s parent company, Granity Entertainment, that the sysadmin immediately took the database implicated in this leak offline.

Despite this rapid reaction and correction, hackers nevertheless had plenty of time to access this data before the flaw was detected. The problem with this type of data leak is that cybercriminals can easily use it to launch phishing campaigns, commit identity theft or even blackmail their victims by threatening to reveal the user’s sexual habits and tendencies.

When there is a data leak, and more particularly one involving adult sites, the leaked information about users' private lives, or even their intimacy, can cause serious problems. This was notably the case in 2015 with the leak from Ashley Madison, a social network dedicated to adultery, some of whose users are still victims of blackmail and intimidation campaigns today. The cybercriminal can, for example, threaten to reveal the victim’s secret life to his or her husband or wife unless the victim pays the blackmailer a certain sum of money, most often in BTC (bitcoins). A dangerous and increasingly widespread practice as Internet users' digital lives continue to grow.