Candid Board hacked, data of 180,000 members who signed up for candid upskirt images leaked
Voyeurs have never been so unlucky. The Candid Board, a website which caters to the voyeurs by sharing downblouse and upskirt images has been hacked by unknown hackers. Hackers then proceeded leak emails ids, usernames and other details of nearly 180,000 The Candid Board members publicly.
For the uninitiated, The Candid Board is a voyeur subscription-based image boarding website which lets users sign up for a fixed fee and share downblouse and upskirt images. The website is particularly popular for “upskirt” pictures of unsuspecting women.
Reports indicate that hackers were able to hack the website due to misconfigured database and were able to access the entire membership trove on The Candid Board. The hackers have now leaked the full trove of leaked personal details of 178,201 unique email addresses, alongside usernames, hashed passwords, dates of birth, IP addresses and a series of website logs – such as ‘join date’, ‘last post date’ and ‘reputation’ point statistics.
The hackers have not released financial details such as credit card and bank information of The Candid Board members. The image sharing website charges $19.99 as subscription fees from its members and the hackers might be sitting on huge treasure chest which may be sold at a later date on the dark web underground forums for a premium.
The leak was first reported by IBTimes who was informed about the huge data breach by an anonymous source. According to IB Times, the hack on The Candid Board had occurred sometime in September 2015 but the hacker chose to leak the details of members now.
Most of The Candid Board leaked details were found to be legitimate. The leaked details contained 19 .gov email addresses with domains including wales.gsi.gov.uk, education.tas.gov.au, bom.gov.au and houstontx.gov. There are also nearly 70 .mil records, the majority of which were us.army.mil (32) and navy.mil (6).
When tested, a number of the IP numbers in the leak appeared to match their corresponding email address. In one example, an IP search for the person using the email “wales.gsi.gov.uk” brought up the result: https://host246.welsh-ofce.gov.uk.
It seems some of the candid members of The Candid Board could be having heartburns at the moment.
