Luscious is a niche pornographic image site focused primarily on animated, user-uploaded content. Based on the research carried out by our team, the site has over 1 million registered users. Each user has a profile, the details of which could be accessed through our research.
Private profiles allow users to upload, share, comment on, and discuss content on Luscious. All of this is understandably done while keeping their identity hidden behind usernames.
The data breach our team discovered compromises this anonymity by potentially allowing hackers to access the personal details of users, including their personal email address. The highly sensitive and private nature of Luscious’ content makes users incredibly vulnerable to a range of attacks and exploitation by malicious hackers.
The private personal user details we viewed included:
- Personal email addresses
- User activity logs (date joined, most recent log in)
- Country of residence/location
Some users’ email addresses indicated their full names, increasing their vulnerability to exploitation and cybercrime.
It’s worth mentioning that we estimate 20% of emails on Luscious accounts use fake email addresses to sign up. This suggests that some Luscious users are actively taking extra steps to remain anonymous.
User Behaviours & Activities
The data breach also gave a complete overview of user activities. This allowed us to view things like:
- The number of image albums they had created
- Video uploads
- Blog posts
- Followers and accounts followed
- Their User ID number – so we can know if they’re active or have been banned
Ouch – if you were on there, good luck and change your details immediately!