Any service or platform on the Internet is not only exposed to hacker attacks, but can also fall victim to mistakes of people who should ensure their integrity. According to information security experts, some camgirls sites in Spain exposed information from both sex workers and users, after the company in charge of these sites left the back-end database unprotected.
Among the exposed websites are some relatively
popular, such as webcampornoxxx[.]net, placercams[.]com and amateur[.]tv, which
is in fact one of the most popular adult sites in Spain. Although most users of
these sites reside in that country, there are also many in other countries in
Europe, as well as in the US.
Apparently the database remained exposed for
weeks until its detection. According to information security experts, the
compromised information includes detailed logs related to logins, such as
usernames and IP addresses. Some private messages and emails sent by the
platforms to users, as well as content preferences, were also exposed. It is
important to note that none of the exposed logs were protected with encryption.
Access to the database was finally closed last
week, after exposing relevant details about the millions of users of these
platforms and about the ‘camgirls’. The report on this flaw was made by John
Wethington, information security specialist at Condition:Black. “This is a
severe flaw from the technical and security policy compliance approach,”
the expert said. For Wethington, this must have been a really revealing
incident for users, who surely ignored that these web pages stored such
detailed records.
These kinds of incidents remain incredibly common, with dating services being one of the most data exposure responsible platforms. One of the best known cases is that of 3Fun, a group dating service that exposed the information of more than a million users due to an internal IT error.
Due to the information that safeguards such
sites, a data exposure could bring serious personal consequences for affected
users, as was the case with the data breach on the sexual encounters site Ashley
Madison, which caused hundreds of divorce claims, and even some
suicides among users.
The company began receiving requests for
information almost immediately after the incident was revealed. In this regard,
Hector Ros Oliver, spokesman for VTS Media, made some statements, where he
mainly denied many of the versions on the incident. However, the investigation
is still pending and, because the company (and its servers) resides in Europe,
this fact must be investigated under the parameters of the European Union’s
General Data Protection Regulation (GDPR). As previously reported by
information security specialists at the International Institute of Cyber
Security (IICS), a company could be fined up to 4% of its annual revenue if it’s
found guilty on data protection violations.
