[BreachExchange] Dutch Prostitution Site Hookers.nl Hacked—250,000 Users’ Data Leaked

[Nora Butkovich]

https://www.forbes.com/sites/thomasbrewster/2019/10/10/dutch-prostitution-site-hookersnl-hacked--250000-users-data-leaked/#11667ec622f8

Hackers have obtained the data and personal details of around 250,000 users
of the Dutch sex-work forum Hookers.nl.

The breach was confirmed by a Hookers.nl moderator on Thursday, who said
the forum software supplier, vBulletin, had reported that a vulnerability
had allowed an outsider access to site’s database.

“Action has been taken as quickly as possible. vBulletin has released a
software patch that we have implemented after testing to address the leak,”
the moderator wrote.

“Nevertheless, a data breach has occurred and the email addresses have been
stolen from all users.” They claimed the email addresses were being offered
for sale online by the hackers and recommended users change their login
details.

“Offering this information for sale is punishable by law, and if possible
we will take legal action,” the moderator added. “In addition, a report has
been made to the Dutch data protection authority.”

The site is reportedly used by both sex workers and their customers. Though
prostitution is legal in the Netherlands, one serious concern around such
leaks is that users real identities will be exposed and they will face
blackmail, personal or professional consequences. That’s what happened in
the bigger breach of adultery hook-up site Ashley Madison
<https://www.forbes.com/sites/thomasbrewster/2017/12/06/ashley-madison-private-photos-exposed-by-hacks/>,
which resulted in many a personal catastrophe.

“The hacker, who appears to show no remorse, could potentially accept
payment and still leak the data to the internet,” said Ray Walsh, digital
privacy advocate at ProPrivacy.com. “For victims, it is going to be hard to
make a decision, the temptation to pay up may be high, but there is no
guarantee that this will result in their identity being kept a secret."

Dutch broadcaster NOS
<https://nos.nl/artikel/2305470-e-mailadressen-bezoekers-prostitutieforum-uitgelekt-en-te-koop-aangeboden.html>,
which broke the story, spoke to the hacker responsible, confirming that the
data leak includes user names, IP addresses and passwords. Those passwords
are protected by encryption, though it’s possible they could be cracked.

NOS viewed some of the data and said it could determine some real names of
users. The publication also spoke to the hacker, who said the data hadn’t
yet sold, but they expected it would soon. “Certainly people want to buy
it, bro,” he says.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20191010/34e4b9a1/attachment.html>