17 November 2021

Popular adult cam chat StripChat exposed data of users and models


Popular adult cam chat StripChat exposed data of users and models

The popular adult cam site StripChat has been found exposing the personal data of millions of users and adult models. The security breach has been discovered by security expert Bob Diachenko at the beginning of November 2021.

The researcher said he discovered an ElasticSearch database cluster belonging to StripChat available on the internet without authentication. The exposed cluster contained nearly 200 million records in total, comprised of several databases.

The exposed info included data of 65 million users registered on the site (username, email, IP address, ISP details, tip balance, account creation date, last login date, account status); data of 421,000 models broadcasting on the site (username, gender, studio ID, live status, tip menus/prices, strip score); records of 134 million transactions (information about tokens and tips paid by users to models, including private tips); and data about 719,000 chat messages saved in a moderation database (the user and model ID involved in the conversations, including both private and public messages).

According to Diachenko, he informed StripChat about the data breach on November 5, 2021, but never received a response from the company. However, the database was secured two days later - on November 7.


Back to the list

Latest Posts

Amid Pegasus scandal, Israel bans cyber software sales to 65 countries

Amid Pegasus scandal, Israel bans cyber software sales to 65 countries

Dropped countries include such countries as Morocco, Mexico, Saudi Arabia, or the UAE.
26 November 2021
CronRAT: New Linux malware that hides behind February 31 to stay undetected

CronRAT: New Linux malware that hides behind February 31 to stay undetected

The malware hides in the Linux calendar system and enables server-side Magecart data theft which bypasses browser-based security solutions.
26 November 2021
New malware campaign targets crypto, NFT and DeFi communities via Discord

New malware campaign targets crypto, NFT and DeFi communities via Discord

The Babadeda crypter is able to bypass signature-based antivirus solutions and was previously observed in malicious campaigns distributing RATs, and LockBit ransomware.
26 November 2021