TechCrunch: Cam Network Data Breach Exposed Millions of Users, Performers

In a report published Sunday, Zack Whittaker of TechCruch wrote that a popular network of cam sites operated by the Barcelona-based company VTS Media “exposed millions of sex workers and users after the company running the sites left the back-end database unprotected.”

According to Whittaker, the network’s database “containing months-worth of daily logs of the site activities, was left without a password for weeks.” Sites on the network reportedly include amateur.tv, placercams.com and webcampornoxxx.net.

The logs included records of when users logged in “including usernames and sometimes their user-agents and IP addresses, which can be used to identify users,” Whittaker wrote, adding that “(n)one of the data was encrypted.” Whittaker also reported that the data also included videos watched and rented by users, thereby “exposing kinks and private sexual preferences.”

The exposed database was originally discovered by researchers at the cybersecurity firm Condition:Black. The founder of Condition:Black, John Wethington, termed the situation “a serious failure from a technical and compliance perspective.”

“After reviewing the sites’ data privacy policy and terms and conditions, it’s clear that users likely had no idea that their activities being monitored to this level of detail,” Wethington said. “Users should always take into consideration the implications of their data leaking but especially where the implications could be life altering.”

In a statement issued Monday by company spokesperson Hector Ros Oliver, VTS Media confirmed the breach, but denied many of the claims in Whittaker’s report.

“First of all, we would like to state that we are fully aware of the incident and that our team is working tirelessly to solve any issues that may arise,” Oliver said. “We also want to underline that, as a EU-based company, we are fully compliant with the Regulation EU 2016/679, also known as the General Data Protection Regulation.”

In the statement, Oliver also asserted that “100% of the data stored in our main database is encrypted and unreachable,” and that the data at issue in Whittaker’s report “consists of technical logs, which are not processed.”

“This data is automatically erased after 6 months and is exclusively used for technical reviews, quality controls and to solve our users’ requests,” the statement continued.

Oliver also said the number of users and models whose data was potentially revealed in the breach was not as large as the number cited in Whittaker’s report – but the number is still substantial, even by VTS’ accounting.

“It has been said that the security breach has exposed data from millions of users, but we would like to state that we’re talking about 330,000 users,” Oilver said.

Most saliently, the company stated that “as far as we are aware, no one aside from those who discovered the breach had access to the data nor that those technical logs have been downloaded or published on the internet” and “only around 0,46% of our camgirls have been affected by having some sensitive data exposed, and they will be contacted shortly.”

The VTS statement concluded by thanking the security firm for notifying them of the problem, saying the company is “grateful to Condition:Black for the warning and will take all necessary measures to avoid similar incidents in the future.”

Photo by Markus Spiske temporausch.com from Pexels