Porn site users urged to protect themselves by using 'safe words'

Nearly 800,000 users' details have been stolen from porn chat site Brazzers, leading some pundits to advise users to be more creative with their passwords.

Brazzers site taken down while admins take corrective measures

The names and passwords associated with 790,724 unique email addresses of users of the Brazzers porn site have been exposed online.

The news was broken by Motherboard, which received the dataset from breach monitoring site Vigilante.pw. The dataset contained a total of 928,072 records but some of these were duplicates.

The dataset was verified by security researcher Troy Hunt using data and customer contacts from his Have I Been Pwned? website.

The breach occurred in 2012 on the Brazzers forum discussion board. The forum was operated by a third party using vBulletin software, according to Brazzers. Brazzers shared login details with the forum, so even people who had never registered to use the forum found themselves in the breach dataset.

Hunt told Motherboard that he had seen a spate of vBulletin breaches caused by admins failing to update the software, leaving their users' data exposed to well-known security vulnerabilities.

Ilia Kolochenko, CEO of web security firm High-Tech Bridge, offers advice to users of Brazzers and other sites. “We should keep in mind that everything we send online – emails, pictures or instant messages – may be compromised. Don't think that encryption or auto-deletion of a video will help – once something goes online, it can be intercepted or compromised. There are numerous attack vectors, from our own devices that can be hacked and backdoored to backup providers of companies who store or transfer the data.

“Therefore, if you want absolute tranquility, make sure that all your digital assets can be published on page one of the Daily Mail tomorrow without making you feel uncomfortable. Obviously, I don't speak about confidential professional information, but about such things that afterwards may embarrass you and your colleagues.”

Jon Geater, chief technology officer at Thales e-Security, said, “This kind of hack highlights the complexity of maintaining personal privacy and security online, and keeping your private life private. Although this particular incident concerns an adult site, the flaw came from a piece of generic shared software that is also used on many other sites.”

James Maude, senior security engineer at Avecto, said, “The Brazzers hack shows how breaches can come from any direction and leave users exposed. What we learn from this is the need for safe words – and by that I mean not reusing the same passwords.”

Maude added: “In the scheme of things this isn't a particularly ground-breaking breach. However, it will no doubt be fetishised by onlookers and the media due to the salacious nature of the content.”

Brazzers told the BBC that it was taking “corrective measures” to stop users' credentials from being used.