A million logins for the hugely popular YouPorn sex site appear to have been leaked after a hacker chanced upon a URL linking to a user list apparently left exposed for several years.
Smaller portions of the YouPorn database featuring user email addresses and passwords have appeared on Pastebin, many of them using recognisable first and last names.
The vulnerable URL has now been taken down by the publishers of YouPorn, which still leaves a large number of the site’s users at risk of having their accounts hacked of phished.
“You can imagine how employers and marital partners may be less than impressed to find you are registered for a website like YouPorn. And their discovery of your porn penchant is only a search and a click away,” said Graham Cluley of Sophos.
Worse, many of the individuals exposed will use the same email address and password combination for other major sites, exposing them to a security risk across all of their Internet use, he said.
According to Swedish ESET security expert Anders Nilsson, the vulnerability that the unknown hacker found could date back as far as November 2007.
The data breach is the second to hit major porn sites recently, coming only 10 days after a hacker claimed to have stolen 350,000 user logins for the Brazzers.com site.
Data breaches are a nightmare for companies at the best of times, but porn companies that depend for their business on protecting the anonymity of users this amounts to double trouble.
Few Internet users will even have heard of YouPorn or Brazzers but the number of users reportedly being exposed by hackers demonstrates the scale of these businesses. How many content businesses on the Internet can boast a million paying customers?