1 million YouPorn users exposed; data breach required no security penetration

Investigators probe YouPorn over non-consensual penetration, find poor safe-computing practices


Some stories make you want to wash your hands afterward. With others it's simpler to just wear vinyl gloves while you type.

This is one of the latter.

A hack that penetrated the user database at YouPorn, one of the largest free porn sites on the web, became public knowledge this week when some user data, including email addresses, was posted on the Swedish web forum Flashback.org.

The sample that was published there is a subset of the data that was stolen – more than a million user names and passwords from YouPorn's chat section at chat.youporn.com. The chat site was taken down yesterday.

The hack didn't need to probe the most secure dataspace on the YouPorn site, according to EuroSecure, a Swedish security distributor that analyzed the breach.

Sometime around November 2007, a "careless programmer" left the debug logging function enabled on the main YouPorn server farm, according to Anders Nilsson, CTO at EuroSecure.

Debug logging is usually turned off after the last round of update testing during any web server migration, but this one, somehow, was not.

Worse than just collecting performance data and configurations, the debug log collected copies of every new registration at the site since it was turned on.

Debug logs are typically available through publicly accessible URLs, so programmers testing the site can examine the results without having to log directly into the server.
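
An added example, not from the article or from YouPorn's code: a Python sketch of two controls against the failure described above, a logger that drops DEBUG output in production and a filter that redacts credential fields before any registration message is written. The logger names, the environment strings and the list of sensitive keys are assumptions, and the sample values are constructed.

```python
import io
import logging
import re

# Keys treated as sensitive are an assumption for this sketch; extend per application.
SENSITIVE_KEYS = ("password", "passwd", "pwd", "email", "token")
_PATTERN = re.compile(
    r"\b(" + "|".join(SENSITIVE_KEYS) + r")\b(\s*[=:]\s*)('[^']*'|\"[^\"]*\"|[^\s,;&}]+)",
    re.IGNORECASE,
)

class RedactSecrets(logging.Filter):
    """Scrub key=value and key: value pairs for sensitive keys before a handler writes them."""

    def filter(self, record):
        # Render the arguments first so secrets passed as %s parameters are covered too.
        message = record.getMessage()
        record.msg = _PATTERN.sub(lambda m: m.group(1) + m.group(2) + "[REDACTED]", message)
        record.args = None
        return True

def build_logger(environment, stream):
    """Return a logger that never emits DEBUG in production and always redacts."""
    logger = logging.getLogger("registration." + environment)
    logger.handlers.clear()
    logger.propagate = False
    handler = logging.StreamHandler(stream)
    handler.addFilter(RedactSecrets())
    logger.addHandler(handler)
    logger.setLevel(logging.INFO if environment == "production" else logging.DEBUG)
    return logger

def demo(environment):
    """Log one constructed registration event at DEBUG and INFO; return what was written."""
    stream = io.StringIO()
    log = build_logger(environment, stream)
    # Constructed sample values, not data from the incident.
    log.debug("new registration user=%s email=%s password=%s",
              "alice", "alice@example.test", "hunter2")
    log.info("registration ok user=%s", "alice")
    return stream.getvalue()

if __name__ == "__main__":
    print(demo("staging"), end="")     # debug line present, credentials redacted
    print(demo("production"), end="")  # debug line suppressed entirely
```

Neither control addresses the other half of the incident, log files reachable at a public URL; that is a web server access-control setting rather than application code.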
