November 06, 2019 |
TechCrunch: Cam Network Data Breach Exposed Millions of Users, Performers |
In a report published Sunday, Zack Whittaker of TechCruch wrote that a popular network of cam sites operated by the Barcelona-based company VTS Media âexposed millions of sex workers and users after the company running the sites left the back-end database unprotected.â According to Whittaker, the networkâs database âcontaining months-worth of daily logs of the site activities, was left without a password for weeks.â Sites on the network reportedly include amateur.tv, placercams.com and webcampornoxxx.net. The logs included records of when users logged in âincluding usernames and sometimes their user-agents and IP addresses, which can be used to identify users,â Whittaker wrote, adding that â(n)one of the data was encrypted.â Whittaker also reported that the data also included videos watched and rented by users, thereby âexposing kinks and private sexual preferences.â The exposed database was originally discovered by researchers at the cybersecurity firm Condition:Black. The founder of Condition:Black, John Wethington, termed the situation âa serious failure from a technical and compliance perspective.â âAfter reviewing the sitesâ data privacy policy and terms and conditions, itâs clear that users likely had no idea that their activities being monitored to this level of detail,â Wethington said. âUsers should always take into consideration the implications of their data leaking but especially where the implications could be life altering.â In a statement issued Monday by company spokesperson Hector Ros Oliver, VTS Media confirmed the breach, but denied many of the claims in Whittakerâs report. âFirst of all, we would like to state that we are fully aware of the incident and that our team is working tirelessly to solve any issues that may arise,â Oliver said. âWe also want to underline that, as a EU-based company, we are fully compliant with the Regulation EU 2016/679, also known as the General Data Protection Regulation.â In the statement, Oliver also asserted that â100% of the data stored in our main database is encrypted and unreachable,â and that the data at issue in Whittakerâs report âconsists of technical logs, which are not processed.â âThis data is automatically erased after 6 months and is exclusively used for technical reviews, quality controls and to solve our usersâ requests,â the statement continued. Oliver also said the number of users and models whose data was potentially revealed in the breach was not as large as the number cited in Whittakerâs report â but the number is still substantial, even by VTSâ accounting. âIt has been said that the security breach has exposed data from millions of users, but we would like to state that weâre talking about 330,000 users,â Oilver said. Most saliently, the company stated that âas far as we are aware, no one aside from those who discovered the breach had access to the data nor that those technical logs have been downloaded or published on the internet” and “only around 0,46% of our camgirls have been affected by having some sensitive data exposed, and they will be contacted shortly.” The VTS statement concluded by thanking the security firm for notifying them of the problem, saying the company is âgrateful to Condition:Black for the warning and will take all necessary measures to avoid similar incidents in the future.â Photo by Markus Spiske temporausch.com from Pexels |