Xhamster, one of the world’s most visited websites, was hacked, and 380k accounts were exposed.
Xhamster Hack – Details
The breach was reported by Motherboard. The hack was carried out earlier this year. As usual, we still don’t know who is responsible for the attack. What we do know is that the security of the site is very lacking.
The passwords were hashed with the archaic MD5 algorithm, which is “cryptographically broken and unsuitable for further use” according to the Software Engineering Institute. That doesn’t stop sites from using it, though. The problem is a lack of updating. When sites like Xhamster implemented the MD5 hash, the algorithm could have been relatively secure, but that’s no longer the case.
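The "lack of updating" problem has a standard fix that does not require users to reset their passwords. The sketch below is an added example, not code from the article or from Xhamster; it assumes the legacy store holds unsalted hex MD5 digests, and the record layout, function names, sample password and scrypt parameters are all hypothetical.

```python
import hashlib
import hmac
import os

# scrypt cost parameters (assumed values for this example; tune per deployment)
N, R, P = 2**14, 8, 1

# Constructed sample: what a legacy row would hold for the password "hunter2".
SAMPLE_LEGACY_MD5 = hashlib.md5(b"hunter2").hexdigest()

def _scrypt(data: bytes, salt: bytes) -> bytes:
    return hashlib.scrypt(data, salt=salt, n=N, r=R, p=P, dklen=32)

def wrap_legacy(md5_hex: str) -> dict:
    """Offline step: wrap a stored MD5 digest in salted scrypt.

    Needs no plaintext, so every row can be converted at once and the
    bare MD5 column dropped before the next login happens.
    """
    salt = os.urandom(16)
    return {"scheme": "scrypt(md5)", "salt": salt,
            "hash": _scrypt(md5_hex.encode(), salt)}

def new_record(password: str) -> dict:
    """Target format: salted scrypt directly over the password."""
    salt = os.urandom(16)
    return {"scheme": "scrypt", "salt": salt,
            "hash": _scrypt(password.encode(), salt)}

def verify_and_upgrade(password: str, rec: dict):
    """Check a login; return (ok, record_to_store).

    A successful login against a wrapped legacy record is rehashed into
    the target format, removing MD5 from the chain entirely.
    """
    if rec["scheme"] == "scrypt(md5)":
        inner = hashlib.md5(password.encode()).hexdigest().encode()
    elif rec["scheme"] == "scrypt":
        inner = password.encode()
    else:
        return False, rec  # unknown scheme: fail closed
    ok = hmac.compare_digest(_scrypt(inner, rec["salt"]), rec["hash"])
    if ok and rec["scheme"] != "scrypt":
        rec = new_record(password)
    return ok, rec
```

Wrapping protects dormant accounts immediately, while active accounts move to the plain scrypt format the next time their owners log in.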
Another intriguing detail to note is that the data dump contains 40 US Army addresses. This isn’t surprising, as most data dumps contain work addresses, especially if they were used for “naughty” purposes. Ironically, this only makes the account more noticeable.
The Hacking of Xhamster could prove dangerous
All breaches of privacy can end up harming their victims, but the leak of porn site data can be even more dangerous. The Xhamster accounts store a lot of data that may be sensitive. A quick look at the site (for research purposes) showed us that Xhamster contains a lot of fetish content that, while not illegal in itself, can be considered kinky or embarrassing. Leaking that data can lead to some unpleasant situations.
Let’s also not forget that porn habits are very telling of a user’s sexuality. The data from the breach can be used to “out” homosexuals. That can have serious consequences for the lives of the hacked users.
Some would argue that making an Xhamster account is a stupid idea in the first place. After all, the site is free anyway, so why make an account?
Well, the functions of an Xhamster account aren’t all that different from the functions of any other video-sharing service: commenting, sharing, adding videos to favorites, live-streaming, etc.
Pornography isn’t something that people discuss openly in real life out of fear of being frowned upon. That’s why these accounts exist, to provide anonymity for those interested in immersing themselves in whatever kink they desire.
Still, free porn sites like Xhamster remain a nightmare in terms of cyber-security, as they often lack encryption and have advertising that can spread malware. Since few products would sell while advertised on dirty sites, pages like Xhamster often rely on shady ads to turn a profit. Many of these ads contain ransomware, adware, and other infections.