Thousands of porn stars' intimate details 'exposed online'

  • Published
A Brazilian ID card.Image source, vpnMentor
Image caption,
A Brazilian ID card with a fingerprint

Cyber-security researchers claim that highly sensitive personal details about thousands of porn stars have been exposed online by an adult website.

They told BBC News they had found an open folder on PussyCash's Amazon web server that contained 875,000 files.

The live webcam porn network, which owns the brand ImLive and other adult websites, said there was no evidence anyone else had accessed the folder.

And it had it removed public access as soon as it had been told of the leak.

The researchers are from vpnMentor, which is a VPN comparison site.

"Privacy and the protection of user data is a top priority and concern for us," PussyCash said.

"For this reason, we acted promptly and removed public access to the open folder as soon as vpnMentor alerted us to this fact."

'Public humiliation'

But vpnMentor said in a blog anyone with the right link could have accessed 19.95GB of data dating back over 15 years as well as from the past few weeks, including contracts revealing more than 4,000 models':

  • full name
  • address
  • social-security number
  • date of birth
  • phone number
  • height
  • weight
  • hips, bust and waist measurements
  • piercings
  • tattoos
  • scars

The files also revealed scans or photographs of their:

  • passport
  • driving licence
  • credit card
  • birth certificate

And the folder also contained:

  • videos
  • marketing materials
  • photographs
  • clips and screenshots of video chats

The models were mainly from North America but also from Latin America, the Czech Republic and Hungary, vpnMentor said.

And the leak represented a potentially "severe threat" of identity theft, scams, public humiliation, blackmail, extortion, stalking, job loss, and embarrassment that could "could very well ruin" their lives.

"This is really alarming," said David Emm, a senior security researcher at Kaspersky Lab. "There's a lot of very sensitive information involved, leaving the people affected by it open to a combination of ID theft and extortion.

"It could also leave people feeling the way you do when a burglar has forced entry to your home and you know they've been through intimate aspects of your life."

This is the latest incident where a company has failed to protect data on a server properly.