Dutch sex-work website forum Hookers.nl confirms a data security breach on Thursday, October 10, 2019. Hackers who gained unauthorized access to the forum reportedly obtained information on approximately 250,000 account users. The website allegedly used by both sex workers and its customers.
Apart from the Dutch website, the hacker also breached the online sex forum on Italy called EscortForumIt, notes ZD Net.
According to Forbes, email addresses were stolen by hackers, who tried to sell the information on a public hacking site. For each information, the individual asks for $300, said NOS.
Passwords and usernames were also mined by the entity. Around 300,000 accounts were garnered from the Dutch sex work forum, while another 33,000 was obtained from the Italian website. In an exclusive interview with Dutch broadcasting company NOS, the hacker disclosed that IP addresses were also mined.
Despite the passwords being protected by hashed encryption, these may also be cracked by professionals, states Forbes.
After conducting a series of investigations, authorities and cybersecurity researchers say the hacker was of Bulgarian origin, reports ZD Net. The Bulgarian entity goes by the name InstaKilla.
Besides these two reported data breaches, InstaKilla is also held responsible for two other incidents. These include breaching the Comodo user forum and breaking in the Zooville forum, a zoophilia and bestiality forum. The individual responsible for these breaches also leaked the data on the National Revenue Agency of Bulgaria last July 2019.
Both the Hookers.nl website and the Italian forum were found to be running on outdated versions of the vBulletin software. The hacker reached out to ZD Net, revealing he used a vBulletin zero-day (CVE-2019-16759) to enter these sites.
Although Forbes reports immediate action has been taken on, the company is looking to take legal action against the hacker. In addition, the company has also reported the incident to the Dutch authorities. vBulletin supposedly issued a patch to address the problem.
Following this massive data breach, moderators of the Dutch sex work website urged its users to change their credentials.
Possible Outcomes of the Breach
While sex work and prostitution are both legally recognized in the Netherlands, the implications of the leak remain huge. The main issues stem from real identities being leaked to the public. Moreover, sex workers and customers in the industry may face blackmail or other potentially damaging outcomes due to this breach.
Though information has not been bought, the hacker remains confident that people would purchase this information.