How much do you like watching adult films? Because they seem to enjoy watching you, and now they’ve got their hands wrapped around your personal info.
When you sign up to a porn site, you expose a lot of sensitive personal info without even knowing it. To demonstrate this fact, a mystery man who describes himself as a “white hat hacker” claims he’s acquired tens of thousands of customer records from popular website GayHoopla (which features models like Alex Jones and Sean Costin, pictured) and its cousin site, HotGuysFuck.
“When I alerted the sites of their massive security issues, the owners just ignored me,” he tells Motherboard via encrypted email. “I thought they would take it more seriously if I showed them the data. Unfortunately, that didn’t work either; they just sent me weird threats.”
Most of the data was easy to obtain and in fact publicly exposed; the rest was obtained by chipping away at overt vulnerabilities to the site’s design.
To demonstrate he means business, GP Whitehat showed Motherboard a slew of plain text passwords, email addresses, user names, and IP addresses.
Both websites are owed by Blurred Media LLC.
“This really angers me that they couldn’t/didn’t catch this breach,” one GayHoopla member said.
GP Whitehouse has in his possession about 30,000 records, some of which also include home addresses. (And if you’re a member of VoyeurBoys, beware, because he’s obtained data from that site, too.)
According to a harried rep for Blurred Media LLC, “This individual has refused to identify himself to us or discuss how or even why he has attacked us. He has admitted to stealing our private property, has issued threats against us personally and our business, has vandalized a part of the website, and has used the stolen property in an attempt to damage our business.”
GP Whitehat has allegedly threatened Blurred Media LLC’s owner by sending him an email that contains their Social Security Number, a fact verified by Motherboard.
The hacker assures the publication that he’s never been employed or affiliated with the sites. “I am categorically not a former employee, associate, or contractor of the site, nor do I know any.”
He promises the data will neither be publicly distributed nor put on sale.
Then again, hackers are notorious for their wild ways.