An organized network of Camgirl sites has reportedly exposed personal data of millions of sex workers and users who participated in sessions on those sites. Simply put: A bundle of databases was left exposed to the public without any authentication.
Originally discovered by security researchers at Condition:Black; the exposed network belonged to Barcelona, Spain’s based VTS Media and included databases from popular camgirls-related sites including amateur.tv, placercams.com, and webcampornoxxx.net.
A look into the exposed databases reported by TechCrunch revealed that the data contained logs of millions of users from Europe and the United States. For instance, usernames, private chats, passwords from failed login attempts, IP addresses, and viewing habits of users were among the data.
“After reviewing the sites’ data privacy policy and terms and conditions, it’s clear that users likely had no idea that their activities being monitored to this level of detail,” John Wethington, founder of Condition:Black told TechCrunch.
However, on the other hand, VTS Media has published a press release contradicting TechCrunch’s report. The company maintained that only 300,000 users had their data exposed and the security breach took place between 24-05-2019 and 04-09-2019.
Although VTS Media claimed that the exposed network was not accessed by third-parties, the fact that email IDs, IP addresses and viewing habits of users were part of it is enough to open doors for cybercriminals and scammers to blackmail victims in real life.
Only around 0,46% of our camgirls have been affected by having some sensitive data exposed, and they will be contacted shortly, VTS Media said in a press release.
It is worth mentioning that in 2015, a former police captain of the City of San Antonio police department committed suicide after his official email address was found amid the leaked data of the cheating website Ashley Madison.
Nevertheless, since the network is based in Europe it also goes against everything that General Data Protection Regulation (GDPR) stands for.
