Cyber-criminals are trading hundreds of thousands of xHamster porn account details on the digital underground.
Vice's Motherboard obtained a database of nearly 380,000 users including usernames, email addresses, and what appears to be poorly hashed passwords from the for-profit breach notification site LeakBase, according to a 28 November report.
LeakBase told the publication the accounts appear to have been traded around the same time a vulnerability was discovered on the adult site earlier this year however, it is unclear how the database was obtained.
Motherboard was able to confirm the emails in the database were in use on xHamster after receiving notifications that the emails addresses already exist in the system when attempting to create new accounts using the leaked data.
xHamster told Motherboard that data that the passwords were “properly encrypted” however, the hashes in the database were created using the MD5 algorithm which could reportedly allow hackers to look up the plain text versions of the already cracked hash.