Email addresses of New South Wales school children have been exposed online following a data breach that had affected the popular porn site Luscious earlier this month.
According to reports, 9News has notified the education department of the school regarding the said data breach. The NSW Education Department were quick to investigate and verify the said breach, describing it to be “extremely concerning.”
Researcher Lisa Taylor told 9News that their team were able to access the usernames, email addresses, locations, gender, and activity logs of the site’s users. Among the whopping 1.2 million affected users, about 5000 were discovered to be from Australia and at least 10 email addresses were found to be ending in @education.
According to a spokesperson of the NSW Education Department, it was inappropriate for students to log in on “controversial, offensive or potentially damaging” sites using their school email addresses. Nigel Phair, director of the University of NSW Cyber Canberra, also recognized that the said leak could lead to graver security problems, such as identity theft or phishing attacks via SMS or email.
"Also for identity theft and identity take over, once you have some of their credentials you can build on that and get more identity,” he added.
Luscious, an adult porn website, suffered from a data breach that has exposed over a million users. The security issue was first discovered on August 15 and was publicly disclosed the following day by researchers at vpnMentor.
“Once a Luscious user’s identity is compromised, they can be targeted for more than just bullying,” the researchers warned during the press release. “Hackers could threaten to expose users unless they pay a ransom. Given the sensitive nature of this data breach, victims are incredibly vulnerable and likely to pay.”
Kay Sackey, a spokesperson of Luscious, announced that the security problem concerning the site has now been fixed.
"For a short period of time, private email data was publicly available," she said. "I do not believe anyone saw this except the private security firm."
However, Rachael Falk, chief executive of the Cyber Security Cooperative Research Centre, said the security breach should serve as a lesson.
"Keep your private life private - if you want a parcel delivered or you want to make appointments, use a personal email address," she warned. "It doesn't mean like in this instance, it can't be hacked, but at least there's not necessarily blow-back - you've kept your personal life."
