LUXEMBOURG—Massive adult tube site YouPorn is denying that personal data belonging to as many as a million users of YP Chat has been compromised, as news outlets are reporting. In a YouPorn blog post yesterday, VP of Operations Brad Black said that no YouPorn data was “exposed” at all.
“The real focus of the recent news is YP Chat, an entirely separate service that was linked to from YouPorn.com,” wrote Black. “The chat service is owned and operated by a third party and is in no way associated with YouPorn.com. YP Chat is hosted on separate non-YouPorn servers and a security issue on said servers in no way creates a gateway to YouPorn.com’s secure data.”
That assertion is contradicted by other reports saying that email addresses, passwords and dates of birth for up to a million users of YP Chat were compromised. According to Anders Nilsson, CTO of EuroSecure, “Hackers have already started going through the lists, checking which users have the same password for e-mail or Facebook, and have posted some intimate pictures found in some users’ sent/received e-mail.”
YouPorn has admitted that there was an incident. “With respect to YP Chat user data, we’ve taken it upon ourselves to do an independent analysis,” wrote Black. “The investigation revealed that poor security practices resulted in YP Chat’s unencrypted daily user logs being left in an unsecured public directory.”
But Black also insisted that the scope of the exposure was much less than is being reported, saying, “Some reports have used this information to claim that millions of user accounts were compromised. However, that is simply not the case. As the logs maintained daily records, users that accessed their YP Chat accounts on a recurring basis would have their activity appear in countless log files. This resulted in some media outlets over-inflating the number of affected users, where in actual fact the number of unique users affected was several thousand, not millions.”
Still, YouPorn appears to be taking seriously an incident it says has had a “negative impact on YouPorn users,” calling it “disheartening” and advising people, “If you have a YP Chat user account and use the same login information for any other website or service it is recommended that you update your information on other sites immediately.”
Such advice seems definitely warranted in the wake of this mishap and the recent hack of another Manwin-owned online property, a Brazzers forum that was compromised by a 17-year-old kid living in Morocco by way of a secondary website connected to the primary target.
However, “Unlike the recent Brazzers porn site hack,” stated Graham Cluley on Naked Security, “sloppy practices are being blamed for the YouPorn incident, with debug data about users seemingly being stored in a public fashion since 2007.”
Nilsson was even more critical, writing, “For a security professional it is baffling how coders working on a website with such sensitive content can make mistakes of this magnitude. Allegedly hundreds of megabytes of data has been secured by people with unknown goals. Cyber criminals can easily go through these e-mail addresses and match them with passwords and this way gain access to e-mail accounts. Once they are in, they can secure even more sensitive information to use in phishing attacks, theft, or fraud.”
Even if those allegations turn out to be exaggerated, one undeniable result of these recent episodes is that there is now more scrutiny than ever before on the security practices and protocols of arguably the largest porn company in the world.
AVN contacted Manwin for additional comment, but a reply was not immediately forthcoming.