
Stripchat: a data leak concerning 65 million users

With 400 to 500 million visitors per month, Stripchat is a benchmark in adult entertainment. Recently, this platform was the scene of a technological blunder exposing a huge portion of its users to serious harm. Find out everything about this data leak which could be particularly embarrassing for some subscribers.

Stripchat subscriber information leaked

In November 2021, cybersecurity expert Volodymyr Diachenko, aka Bob, drew attention to information stored in the Cloud that should have been confidential. The Comparitech researcher discovered details about visitors to the chat and pornographic video site on an Elasticsearch cluster. The database was not encrypted in any way, and its contents would be visibly compromising.

This block of information totals 200 million records. This is data concerning 65 million users. This leak clearly reveals their identifier and contact details. These include emails, IP address and the subscription date. Each account was linked to a certain amount spent on Stripchat.

As problems never come alone, a second database leak was also brought to public attention. This time, 421,000 records concerning female performers were revealed. These are the service providers who sell their nudity via camera. Compromised records include names, rate specialties as well as billing details. There was even a score that ranked the best actresses on the platform, who were not all professionals.

“Small” Cloud configuration error, big scandal

The data leak concerning Stripchat customers comes from a poor configuration of the Cloud. Information on millions of subscribers was exposed due to the human factor. What is classified as a handling error can cause significant harm to victims. Households may be broken up, but above all reputations will be reduced to nothing.

Simple moments of distraction or fantasies can unfortunately lead to an embarrassing situation both in private life and professionally. For those who have never visited Stripchat, this site mainly sells striptease via chat. This platform created in 2016 has its headquarters in Cyprus. Taking full advantage of the confinements, it experienced a 72% growth in its traffic in 2020.

So far, the compromised data has not yet fallen into the wrong hands. If it did, victims would risk various harms, including harassment and racketeering. They could also face humiliation and various forms of blackmail. Phishing mainly involves threats via the Internet or telephone. Diachenko, the man who detected the leak, calls for vigilance. He encourages potential victims not to open emails allegedly from Stripchat. Doubtful links should also be avoided.

Cross-referencing data exposes you to various risks

This data leak is compromising for subscribers, but also for strippers. These models may be harassed if malicious people manage to obtain other information about them. Once correlated, the information clearly shows the victim’s complete profile. It then remains for the hackers to carry out an extortion or a deliberate act against them.


Fortunately, not all data stored and lost by Stripchat includes personal information. Users often take the trouble to camouflage their identity. They use an email created especially for pornography and social networks. Many of them also employ a VPN encryption tunnel. This system hides their real IP address. Despite these precautions, cross-referencing data still allows the subterfuge to be foiled.

In summer 2021, GreatHorn reported that phishing campaigns targeting businesses are experiencing an upsurge. In 12 months, attacks have multiplied as employees connect to pornographic sites from their workstations. Extortion and phishing attempts using this professional route increased by 974% in 1 year. Hackers often get nothing out of their target, but still manage to destabilize them.

A mistake anyone could make

Contacted by Diachenko, Stripchat took the time to become aware of the extent of the damage. The whistleblower used his Twitter account and email to warn those responsible for the Cypriot company. The latter finally reacted by securing its databases two days after the message. There is no way to know how long the information was left unprotected. It is also unclear whether hackers have ever used it.

The cybersecurity expert emphasizes that porn sites with millions of subscribers must make more effort to protect customer data. They need protocols to follow in the event of incidents. Indeed, digital security specialists spend most of their time finding vulnerabilities. Hackers also carry out the same activity, but for less scrupulous purposes.

Cloud configuration errors are common. The case of Stripchat is far from isolated. In 2021, there was the VIP Games site which exposed data concerning 66,000 users. The public sector is not spared either. The Elasticsearch cluster made it easy to read security intelligence on alleged terrorists. In short, whether individuals or companies, it is important to be wary of the Cloud, especially when there is pornography in the air…


StripChat, the world’s largest pornographic video chat network, is accused of leaking the personal information of 65 million of its customers.
According to 01Net, a cluster of servers for the site, which hosts 500 million users each month, has been made available to the public.
Bob Diachenko, a security researcher at Comparitech, identified the compromise on November 5 and notified the company.

What Stripchat data was leaked?

The data of 65 million individuals who registered on the platform was among those that were compromised.
Information such as user ID, email address, IP address, Internet service provider, payments (“tips”), and the date of the most recent and account registration date could be obtained by this method.

719.00 texts were exchanged

421,000 performing artists are also affected by the situation.
It was possible to specify a user’s gender and studio ID, as well as their status and tipping options, as well as their overall rating.

The data included 134 and other information.