Hackers: 380K+ xHamster Accounts for Sale
Usernames, passwords and email addresses for more than 380,000 xHamster accounts are for sale on the Darknet. The breach brings to more than 500 million the number of porn-site user accounts compromised this year.
xHamster claims to have 12 million registered users, so the hackers got away with data for only about 3 percent of the tube site’s fans. That may be good news for the 11.5 million users who weren’t affected, but hardly comforts those who were — especially the 70 or so military personnel and government employees who had the poor judgment to use their work email addresses.
Motherboard first reported the leak, based on data from the breach-notification site Leakbase. Motherboard’s staff verified the report by testing 50 random accounts; all were viable. Another random sampling checked against known hacked accounts indicated the xHamster data was “fresh meat.”
According to Leakbase, xHamster protected account passwords using the long-in-the-tooth MD5 hashing algorithm, which security experts consider a mere inconvenience to hackers. The 2015 Ashley Madison database hackers employed the same algorithm.
“The fact [xHamster thinks] the hashes are secure is a blatant example of the faulty security placed in companies even to this day,” a Leakbase representative told The Next Web.
Despite Motherboard’s determination that the leaked accounts still worked, xHamster denied the breach.
“The only way to respond to this news is to coin a new term: ‘Fhack.’ A fhack is best defined as a fake hack,” xHamster spokesman Alex Hawkins told Motherboard. “There was a failed attempt to hack our database which occurred four years ago. The integrity of our user data is secure. Passwords are encrypted and impossible to hack. In short, this was a successful fhack, and a failed hack.
“We cannot validate that the emails [in the current leak] are real, and we don’t believe that this is a genuine database,” he added.
xHamster didn’t respond to a request for comment from YNOT.
As breaches go, the alleged xHamster break-in was the smallest to hit the media during 2016. In September, Brazzers confirmed hackers stole from its database nearly 800,000 usernames, emails and passwords. In mid-November, hackers reportedly made off with account details for more than 412 million FriendFinder users.
The most notorious adult website breach occurred in July 2015, when infamous hacker collective The Impact Team lifted 25 gigabytes of company data from infidelity dating site Ashley Madison’s poorly encrypted server.
Though porn-site leaks — like the one at Ashley Madison — can have disastrous results for some users, mainstream breaches put adult-site hacks to shame. The year 2014 was an extremely busy one in the mainstream. Hackers stole personal details for about 47,000 employees from Sony Pictures Entertainment. eBay admitted the accounts of as many as 145 million users may have been compromised.
In the most egregious attack of 2014, Yahoo lost more than one-half billion user accounts to hackers. The company didn’t reveal the leak until this year.