The digital world is once again tainted by a highly sensitive data leak that puts millions of users at risk of blackmail attempts, identity theft and fraud.
A team of security researchers led by Anurag Sen recently uncovered a leaky database from CAM4, a popular live-streaming adult website. Housed on a misconfigured Elasticsearch server, the unsecured database exposed around 7TB of personal information from platform users and members.
Among the cluster of 10 billion records, the analysts discovered information about CAM4 users, including:
• First and last names
• Email addresses and password hashes
• Country of origin and sign-up dates
• Gender preference and sexual orientation
• Device information
• Miscellaneous user details such as spoken language
• Usernames and user conversations
• Payment logs including credit card type, amount paid and applicable currency
• Transcripts of email correspondence
• Inter-user conversations
• Chat transcripts between users and CAM4
• Token information
• IP addresses
• Fraud and spam detection logs
After rounding up the personal information, the team was able to pinpoint 11 million records containing emails, 26.3 million containing password hashes, and fewer than 1,000 revealing full names, credit card types and amounts paid to view explicit content on the website.
“US, Brazilian and Italian users were the most heavily affected although the precise number of email records is difficult to gauge accurately due to multiple entries being duplicated,” said researchers.
“The fact that a large amount of email content came from popular domains such as Gmail, Hotmail and iCloud — domains that offer supplementary services such as cloud-storage and business tools — means that compromised CAM4 users could potentially see huge volumes of personal data including photographs, videos and related business information leaked to hackers — assuming their accounts were eventually hacked via phishing as one example,” they later added.
Although the database was immediately taken down by parent company Granity Entertainment, the logs date back to March 16, and cybercriminals could have already scraped the information.
Moreover, let’s not forget the Ashley Madison data breach scandal – victims are still being targeted with blackmail and sextortion campaigns 5 years after the incident.
Given the sensitive nature of the exposed info, the aftermath of the recent data leak could have serious consequences, leaving CAM4 members vulnerable to targeted attacks and phishing emails. On top of any financial losses that may occur, victims can suffer damaging psychological effects following multiple blackmail attempts or defamation.