The popular adult cam site StripChat has been found exposing the personal data of millions of users and adult models. The security breach has been discovered by security expert Bob Diachenko at the beginning of November 2021.
The researcher said he discovered an ElasticSearch database cluster belonging to StripChat available on the internet without authentication. The exposed cluster contained nearly 200 million records in total, comprised of several databases.
The exposed info included data of 65 million users registered on the site (username, email, IP address, ISP details, tip balance, account creation date, last login date, account status); data of 421,000 models broadcasting on the site (username, gender, studio ID, live status, tip menus/prices, strip score); records of 134 million transactions (information about tokens and tips paid by users to models, including private tips); and data about 719,000 chat messages saved in a moderation database (the user and model ID involved in the conversations, including both private and public messages).
According to Diachenko, he informed StripChat about the data breach on November 5, 2021, but never received a response from the company. However, the database was secured two days later - on November 7.