Hacker advertises stolen porn website credentials on underground forums on dark web

A hacker known under the name of TheNeoBoss has allegedly stolen the login credentials belonging to users of a porn website called Team Skeet, part of the Paper Street Media (PSM) network and is currently selling the database associated with this website on the Dream Market, reports Motherboard. Apparently, the hacker who got access to more than 237,000 accounts has again raised the question regarding the importance of strong security needed for connected devices and products.

While Motherboard was able to verify some of the credentials the hacker offered, but they couldn’t confirm whether the hacker indeed had access to that many accounts or whether they were stolen in a recent theft. However, TheNeoBoss in his listing claims to have a database containing the details for 237,000 Team Skeet users, which includes data such as usernames, plain text passwords, email addresses, real names, IP addresses, and real addresses.

Speaking to Motherboard in an encrypted chat, the hacker says, “I want to publicly shame them for their poor practices.”

He is currently selling the compromised heave of data for 0.962 bitcoin, which is equivalent to around £280 ($400). Further, the stolen credentials were allegedly linked to over 20 separate adult websites, including: Exxxtra Small, Innocent High, Teen Curves, and CFNM Teens. The trove of compromised information is said to contain 50,000 logins for other websites in the PSM network and 468,000 lines of members’ IP data. While the hacker claimed to have had access to credit card information, he did not take it. However, the credentials supposedly work on 23 online properties belonging to PSM.

“So recently I managed to breach TeamSkeet.com, the giant USA porn network,” the hacker wrote on the Dream Market Dark Web marketplace. “By purchasing this database, you will basically have free porn accounts for life, or you could sell them [the login details] separately.”

Meanwhile, Jamal Hussain, Chief Technology Officer (CTO) of PSM told Motherboard that it was “not a live breach. The statement added: “The data is from a breach that happened in 2008. We were asked for a ransom, didn’t pay it, made security updates and have not had any issues since. There was no credit card info taken and all accounts are no longer valid for our member’s area.”

Further, PSM said that the company doesn’t delete usernames, which clarifies the number of items in this database. However, as a username expires, it loses access to the sites.

To confirm he had access to the Team Skeet website, the hacker proved to Motherboard by providing screenshots of the site’s backend panel, and he even briefly defaced the site’s main page on March 31. This suggests PSM’s security isn’t as strong as initially believed.

TheNeoBoss says he tried to warn PSM of the website’s weakness by inquiring whether there’s a bug bounty policy in place with the company. However, the PSM didn’t seem to care about his findings. So, he used the SQL injection to steal their data, which is a common attack used by hackers to infiltrate websites.

LEAVE A REPLY

Please enter your comment!
Please enter your name here