Adult live-streaming site CAM4’s data leak exposes millions of records

Security researchers have uncovered a database exposing 7 terabytes of information of adult live-streaming site CAM4.com.

 

Security researchers, led by Anurag Sen, at SafetyDetectives have discovered that adult live-streaming website CAM4.com accidentally leaked a substantial amount of data, stretching into billions of records. According to the blog post by the security researchers, the exposed server’s database exceeded 7 terabytes, with logs dating back to March 2020. Highly personal information of many site users was available for anyone to access.

CAM4, an adult website owned by Irish company Granity Entertainment, is often used by amateur webcam performers to earn money from tips or private shows. CAM4 gets millions of visitors every day, with hundreds of thousands of private shows broadcast every week.

According to SafetyDetectives, millions of personally identifiable information entries were available for anyone to see. The information exposed includes: first and last names, email addresses, country of origin, sign-up dates, gender preference and sexual orientation, device information, miscellaneous user details such as spoken language, usernames, payments logs including credit card type, amount paid and applicable currency, user conversations, transcripts of email correspondence, inter-user conversations, chat transcripts between users and CAM4, token information, password hashes, IP addresses, fraud detection logs, spam detection logs.

“In total, around 11 million records contained emails with some entries containing multiple email addresses relating to users from multiple countries,” the researchers have said.

They were also able to determine that USA (6.5 million), Brazil (5.3 million), Italy (4.8 million) and France (4.1 million) were the most affected countries, with Germany and Spain following closely behind with 3 million and 2.4 million record leaks respectively.

It is not known whether malicious actors accessed the database

Once the security researchers contacted the company, the unsecure database was immediately taken down. However, if malicious parties were able to access the data when it was available, they could use it to perform sophisticated spear-phishing attacks, as well as for blackmail. It’s not only users themselves that could be affected, but their family members and friends as well.

“This information could then be weaponized to compromise other individuals and groups such as family members, colleagues, employees and clients of other businesses,” researchers said in the blog post, though it is not known whether malicious actors had accessed CAM4’s exposed database while it was available.

Data leaks involving adult websites can often have devastating consequences. Many people are still feeling the effects from the 2015 Ashley Madison data leak, with people still being blackmailed and becoming targets of sextortion campaigns.