My Free Cam Archive
⚡ ALL INFORMATION CLICK HERE 👈🏻👈🏻👈🏻
My Free Cam Archive
Hack Brief: An Adult Cam Site Exposed 10.88 Billion Records
CAM4 has taken the server offline, but not before it leaked 7TB of user data.
The list of data that CAM4 leaked is alarmingly comprehensive. Photograph: Getty Images
Everything you ever wanted to know about Equifax, Mariott, and the problem with social security numbers.
A Glimpse of a Future Without White People
The Hacking of Starlink Terminals Has Begun
Three Possible Futures of the Monkeypox Epidemic
Big Takeaways From the FBI's Mar-a-Lago Raid
Brian Barrett is Executive Editor, News at WIRED, overseeing day to day coverage across the site. Prior to WIRED he was the editor in chief of the tech and culture site Gizmodo and was a business reporter for the Yomiuri Shimbun, Japan’s largest daily newspaper.
A vulnerability in the Log4j logging framework has security teams scrambling to put in a fix.
You Need a Password Manager. Here Are the Best Ones
Keep your logins locked down with our favorite apps for PC, Mac, Android, iPhone, and web browsers.
North Korea Hacked Him. So He Took Down Its Internet
Disappointed with the lack of US response to the Hermit Kingdom's attacks against US security researchers, one hacker took matters into his own hands.
The Bitcoin Bust That Took Down the Web’s Biggest Child Abuse Site
They thought their payments were untraceable. They couldn’t have been more wrong. The untold story of the case that shredded the myth of Bitcoin’s anonymity.
Ice Cream Machine Hackers Sue McDonald's for $900 Million
Kytch alleges that the Golden Arches crushed its business—and left soft serve customers out in the cold.
The Hacking of Starlink Terminals Has Begun
It cost a researcher only $25 worth of parts to create a tool that allows custom code to run on the satellite dishes.
Big Takeaways From the FBI's Mar-a-Lago Raid
The fact that a search of Donald Trump's Florida home was even necessary says a lot.
A Long-Awaited IoT Reverse Engineering Tool Is Finally Here
Ten years after it was first unveiled, the powerful firmware analysis platform Ofrak is now available to anyone.
WIRED is where tomorrow is realized. It is the essential source of information and ideas that make sense of a world in constant transformation. The WIRED conversation illuminates how technology is changing every aspect of our lives—from culture to business, science to design. The breakthroughs and innovations that we uncover lead to new ways of thinking, new connections, and new industries.
To revist this article, visit My Profile, then View saved stories .
To revist this article, visit My Profile, then View saved stories .
To revist this article, visit My Profile, then View saved stories .
To revist this article, visit My Profile, then View saved stories .
It’s all too common for companies to leave databases chock full of sensitive information exposed to the great wide internet. But when that company operates an adult livestreaming service, and that data comprises 7 terabytes of names, sexual orientations, payment logs, and email and chat transcripts—across 10.88 billion records in all—the stakes are a bit higher.
The site is CAM4, a popular adult platform that advertises “free live sex cams.” As part of a search on the Shodan engine for unsecured databases, security review site Safety Detectives found that CAM4 had misconfigured an ElasticSearch production database so that it was easy to find and view heaps of personally identifiable information, as well as corporate details like fraud and spam detection logs.
“Leaving their production server publicly exposed without any password,” says Safety Detectives researcher Anurag Sen , whose team discovered the leak, “it’s really dangerous to the users and to the company.”
First of all, very important distinction here: There’s no evidence that CAM4 was hacked, or that the database was accessed by malicious actors. That doesn’t mean it wasn’t, but this is not an Ashley Madison–style meltdown . It’s the difference between leaving the bank vault door wide open (bad) and robbers actually stealing the money (much worse).
"The team concluded without any doubt that absolutely no personally identifiable information, including names, addresses, emails, IP addresses or financial data, was improperly accessed by anyone outside the SafetyDetectives firm and CAM4’s company investigators," the company said in a statement.
The company also says that the actual number of people who could have been identified was much smaller than the eye-popping number of exposed records. Payment and payout information could have exposed 93 people—a mix of performers and customers—had a breach occurred, says Kevin Krieg, technical director of Smart-X, which manages the CAM4 database. Safety Detectives put the number at "a few hundred."
The mistake CAM4 made is also not unique. ElasticSearch server goofs have been the cause of countless high-profile data leaks . What typically happens: They’re intended for internal use only, but someone makes a configuration error that leaves it online with no password protection. “It’s a really common experience for me to see a lot of exposed ElasticSearch instances,” says security consultant Bob Diachenko, who has a long history of finding exposed databases. “The only surprise that came out of this is the data that is exposed this time.”
And there’s the rub. The list of data that CAM4 leaked is alarmingly comprehensive. The production logs Safety Detectives found date back to March 16 of this year; in addition to the categories of information mentioned above, they also included country of origin, sign-up dates, device information, language preferences, user names, hashed passwords , and email correspondence between users and the company.
Out of the 10.88 billion records the researchers found, 11 million contained email addresses, while another 26,392,701 had password hashes for both CAM4 users and website systems.
"The server in question was a log aggregation server from a bunch of different sources, but server was considered non-confidential," says Krieg. "The 93 records got into the logs due to a mistake by a developer who was looking to debug an issue, but accidentally logged those records when an error happened to that log file."
It’s hard to say exactly, but the Safety Detectives analysis suggests that roughly 6.6 million US users of CAM4 were part of the leak, along with 5.4 million in Brazil, 4.9 million in Italy, and 4.2 million in France. It’s unclear to what extent the leak impacted both performers and customers.
Again, there’s no indication that bad actors tapped into all those terabytes of data. And Sen says that CAM4's parent company, Granity Entertainment, took the problematic server offline within a half hour of being contacted by the researchers. That doesn’t excuse the initial error, but at least the response was swift.
Moreover, despite the sensitive nature of the site and the data involved, it was actually fairly difficult to connect specific pieces of information to real names. “You really have to dig into the logs to find tokens or anything that would connect you to the real person or anything that would reveal his or her identity,” says Diachenko. “It should not have been exposed online, of course, but I would say it’s not the scariest thing that I’ve seen.”
Which is not to say that everything’s totally fine. If anyone were to have done that digging, they could have found out enough about a person—including sexual preferences—to potentially blackmail them. On a more mundane level, CAM4 users who reuse their passwords would be at immediate risk for credential stuffing attacks , potentially exposing any accounts where they don’t use strong, unique credentials.
Or consider the inverse: If you have the email address of a CAM4 user, Sen says, there’s a decent chance you can find an associated password from a previous data breach, and break into their account.
The data in the leak could have potentially put CAM4 at risk, as well; privileged fraud and spam detection information would have given potential attackers a road map for how to get around those defenses.
Krieg says that the CAM4 has already taken steps to prevent a repeat of the data leak. "It’s a server that should not have an outward facing IP in the first place," he says. "We’re going to be moving it to our internal LAN to make it a lot harder for people to get access to this type of server, while making sure that nothing is on it that should not be on it, which includes any personally identifiable information."
Data leaks happen. They’re not as bad as breaches, but with information this sensitive, the onus is on companies to take every precaution to protect it—not the bare minimum.
This story has been updated to include a statement from CAM4 and comments from Kevin Krieg of Smart-X.
© 2022 Condé Nast. All rights reserved. Use of this site constitutes acceptance of our User Agreement and Privacy Policy and Cookie Statement and Your California Privacy Rights. Wired may earn a portion of sales from products that are purchased through our site as part of our Affiliate Partnerships with retailers. The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of Condé Nast. Ad Choices
Performance & security by Cloudflare
You do not have access to www.metrotimes.com.
The site owner may have set restrictions that prevent you from accessing the site. Contact the site owner for access or try loading the page again.
The access policies of a site define which visits are allowed. Your current visit is not allowed according to those policies.
Only the site owner can change site access policies.
Ray ID:
739130de4a269d8d
739130de4a269d8d Copy
More
Home
Categories Bing Gaming and Xbox Internet Explorer Microsoft 365 and Office Microsoft Advertising Microsoft Edge Microsoft Health and Band Microsoft Research Microsoft Teams Mobile Devices MSN Music, Movies & TV Office Insider Outlook Skype Surface Virus and Malware Windows Windows Essentials Windows Insider Program
Participate Ask a Question
Getting Started
FAQ
Community Code of Conduct
Discuss Microsoft Support Community
Meet Our Community Leaders
All Microsoft
Microsoft 365
Office
Windows
Surface
Xbox
Deals
Small Business
Support
Software
Software
Windows Apps
OneDrive
Outlook
Skype
OneNote
Microsoft Teams
Microsoft Edge
PCs & Devices
PCs & Devices
Computers
Shop Xbox
Accessories
VR & mixed reality
Phones
Entertainment
Entertainment
Xbox Game Pass Ultimate
PC Game Pass
Xbox games
PC games
Windows digital games
Movies & TV
Business
Business
Microsoft Cloud
Microsoft Security
Dynamics 365
Microsoft 365 for business
Microsoft Power Platform
Windows 365
Microsoft Industry
Small Business
Developer & IT
Developer & IT
Azure
Developer Center
Documentation
Microsoft Learn
Microsoft Tech Community
Azure Marketplace
AppSource
Visual Studio
Other
Other
Microsoft Rewards
Free downloads & security
Education
Virtual workshops and training
Gift cards
Students and parents deals
Licensing
Microsoft Experience Center
View Sitemap
Choose where you want to search below
Search
Search the Community
Search the community and support articles
Outlook
Outlook.com
Search Community member
This thread is locked. You can follow the question or vote as helpful, but you cannot reply to this thread.
Type of abuse
Harassment or threats
Inappropriate/Adult content
Nudity
Profanity
Software piracy
SPAM/Advertising
Virus/Spyware/Malware danger
Other Term of Use or Code of Conduct violation
Child exploitation or abuse
Cancel
Submit
Type of abuse
Harassment or threats
Inappropriate/Adult content
Nudity
Profanity
Software piracy
SPAM/Advertising
Virus/Spyware/Malware danger
Other Term of Use or Code of Conduct violation
Child exploitation or abuse
Cancel
Submit
Question Info
Last updated July 21, 2022
Views 23,473
Applies to:
Outlook
/
Outlook.com
You’re invited to try Microsoft 365 for free
English (United States)
Sitemap
Contact Microsoft
Privacy
Manage cookies
Terms of use
Trademarks
Safety & eco
About our ads
© Microsoft 2022
This site in other languages
x
Čeština
Dansk
Deutsch
Español
Français
Italiano
Magyar
Nederlands
Norsk Bokmål
Polski
Português
Suomi
Svenska
Türkçe
Ελλη
Snapchat Pornstars
Largehtube
Meganbig52dd