A network of ‘camgirl’ sites exposed millions of users and sex workers data

A number of popular “camgirl” sites have exposed millions of sex workers and users after the company running the sites left the back-end database unprotected.

The sites, run by Barcelona-based VTS Media, include amateur.tv, webcampornoxxx.net, and placercams.com. Most of the sites’ users are based in Spain and Europe, but we found evidence of users across the world, including the United States.

According to Alexa traffic rankings, amateur.tv is one of the most popular in Spain.

The database, containing months-worth of daily logs of the site activities, was left without a password for weeks. Those logs included detailed records of when users logged in — including usernames and sometimes their user-agents and IP addresses, which can be used to identify users. The logs also included users’ private chat messages with other users, as well as promotional emails they were receiving from the various sites. The logs even included failed login attempts, storing usernames and passwords in plaintext. We did not test the credentials as doing so would be unlawful.

None of the data was encrypted.

The exposed data also revealed which videos users were watching and renting, exposing kinks and private sexual preferences.

In all, the logs were detailed enough to see which users were logging in, from where, and often their email addresses or other identifiable information — which in some cases we could match to real-world identities.

Not only were users affected, the “camgirls” — who broadcast sexual content to viewers — also had some of their account information exposed.

Source: A network of ‘camgirl’ sites exposed millions of users and sex workers | TechCrunch