Almost 800,000 account holders on porn site Brazzers have had their details breached thanks to a vulnerability in the vBulletin forum software, potentially exposing some to online extortion attempts.
Some 790,724 unique email addresses, as well as user names and plain text passwords, were exposed in the data dump, verified separately by monitoring sites Vigilante.pw and Have I Been Pwned?
It appears to have come from a cyber-attack launched back in 2013, according to Troy Hunt, who runs the latter site.
Although the incident affected the Brazzers forum, users of the main site might be hit too.
“The incident occurred because of a vulnerability in the said third party software, the 'vBulletin' software, and not Brazzers itself. That being said, users accounts were shared between Brazzers and the 'Brazzersforum' which was created for user convenience,” spokesman Matt Stevens told Motherboard.
"That resulted in a small portion of our user accounts being exposed and we took corrective measures in the days following this incident to protect our users.”
Bugs in vBulletin software have been responsible for a string of data breaches that have come to light over the past few months, including Canonical, Epic Games and GTAGaming.
Hunt has in the past laid the blame not necessarily at vBulletin’s door but the admins who have failed to keep their systems up to date with the latest vendor patches.
In the case of the Brazzers forum, there’s also the possibility of Ashley Madison-style follow-up blackmail attempts, especially for the 1,400 .mil account holders Hunt claims are affected by the breach.
“Problem with a hack like that is it's a *forum*. Worse than just adult website creds, this is what people were talking / fantasising about,” tweeted Hunt yesterday.
As with all breaches of this nature, users would be recommended to change their usernames and passwords for this site and any others which they share credentials for.