"The data was found by someone sweeping websites for publicly accessible, but non-linked ('hidden') folders, looking for either porn or sensitive material like this, and struck gold," Nilsson told TheRegister.
The YouPorn exposure wasn't really a hack, since the data was available on a public, non-advertised URL, so it's not a good comparison with the hack of the Brazzers porn portal last week, Nilsson said.
A 17-year-old hacker from Morocco claimed to have broken into the Brazzers site and stolen the personal information of 350,000 users. He posted some of the data to prove he did it.
He did not get any credit-card data, Brazzers spokespeople told the Associated Press.
The Moroccan, who claimed affiliation with Anonymous, got into the site via an inactive but linked user forum, according to Brazzers.
The hacker said he cracked the porn site to expose security flaws and weaknesses.
That makes two major porn-site hacks in two weeks, though the two appear unconnected.
Other porn sites should watch their step and tighten their security, though, if they don't want to risk being covered by writers who can't resist horrible puns in stories about anything salacious or tawdry. Brazzers, YouPorn (and CIA.gov, come to think of it) qualify as both.
Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld. Follow Kevin on Twitter at @KevinFogarty. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.