Sex industry forum suffers data breach (and professionals could get caught with their pants down)
Thursday, October 10, 2019
However, the nature of the company breached means it could prove to be equally, if not more damaging. The forum is frequented by those that both work in the sex industry, as well as clients of sex workers.
“Compared to some notorious breaches that have occurred in the last 12 months involving billions of compromised records, this data breach may seem comparatively insignificant,” Ilia Kolochenko, CEO of cybersecurity company ImmuniWeb, said. “However, in terms of reputational damage it’s apt to inflict upon the victims, the impact may be unprecedentedly disastrous.”
This breach echoes the Ashley Madison data breach in 2015. Users of the site – aimed at married individuals looking to cheat on their partners – saw their data compromised and leaked on the dark web. Numerous suicides, thought to be connected, were reported in the wake of the breach.
“This time, the harm may be even more voluminous, diverse and long-lasting,” Kolochenko said.
“Sadly, many victims will likely be reluctant to file a lawsuit or criminal complaint being embarrassed by the nature of the incident.”
Business professionals could be cybercriminals’ top targets
It is highly likely that Hooker.nl users will be targeted by cybercriminals hoping to capitalise on any fear and embarrassment. While real names haven’t been compromised in the breach, NOS said that some of the data it viewed contained real names in the email addresses used to open an account. This means that, in some cases, account owners could potentially be identified from the data leaked.
According to Kolochenko, blackmail attempts are likely to be made against victims and their families, offering to remove their details for a fee.
Sextortion scams like this are common. Cybercriminals often claim to have recorded victims browsing adult content and threaten to send the recording to their friends and family unless a payment, usually in Bitcoin, is made.
However, more professional cybercriminals could use the compromised data to extort bigger rewards from victims.
“Professional cyber mercenaries may deploy smarter tactics, for example, asking employees of large organisations and IT vendors to share confidential data or access codes menacing to expose their secrets to management and colleagues,” Kolochenko explained.
However, those approached by extortionists shouldn’t hand over any money or information, but instead report the incident to the relevant authorities.
“In many jurisdictions, victims cannot be fired or reprimanded for their personal life that does not involve their employer,” Kolochenko said. Read Full Article
TechHQ: 6,500 online stores breached in Volusion supply-chain attack
Dark Reading: Most US Presidential Campaign Websites Offer Little Privacy Protection