380,000 xHamster User Account Details Being Sold on Dark Web Forums
If you have an account with xHamster, you should be very very worried. A report indicates that hackers are selling such 380,000 xHamster usernames, passwords, and email addresses on the dark web underground forums.
A report on Motherboard states that it received a database of almost 380,000 users from for-profit breach notification site LeakBase which included usernames, email addresses and what looks like poorly-hashed passwords. According to Motherboard, the email ids, usernames and passwords look legit and correspond to existing xHamster accounts. Which means that if you have an xHamster account, you should be worried about your account being misused or used for cyber crime activity like phishing/spamming etc.
For the uninitiated, xHamster is a adult entertainment website which hosts tonnes of explicit NSFW videos and can be seen for free. However, xHamster offers users option to upload their own videos and create their own adult collection by registering on its website. Also, such registered users can post comments, download videos and give ratings. It seems that the hackers who are selling the 380,000 usernames have access to this xHamster user database.
Motherboard randomly selected 50 xHamster usernames from the data provided by LeakBase and tried to create new accounts on the site with them. They confirmed that all the 50 accounts were active as they received a message for each stating the email address was already being used.
There is no news of xHamster getting hacked but LeakBase told Motherboard a hacker found a vulnerability in xHamster’s website earlier this year. However, it is not currently known exactly how the hackers managed to lay their hands on this database.
xHamster agreed that the usernames being traded on dark web underground forums are legit but said that there is no risk for its users because all passwords are encrypted because the hackers might have obtained are usernames and email addresses. It failed to counter the LeakBase report that the passwords are MD5 hashed and can be broken in few seconds.
“The passwords of all xHamster users are properly encrypted, so it is almost impossible to hack them. Thus, all the passwords are safe and the users data secured,” xHamster said.
It also failed to state as to how the hackers could lay their hands on active xHamster accounts. The said accounts are still being traded on the underground forums and before long they will be leaked online and available to everyone. Therefore, if you are a xHamster user, make sure you reset your password and better still, change your registered email id.