Information security firm vpnMentor has released a report about a leak of nearly 20 GB of information stored by PussyCash and the websites belonging to this network. This is a network of platforms for models commonly known as “camgirls” formed by popular sites like ImLive, Sexier, FetishGalaxy, Supermen, Shemale, sex.sex, among others. This incident has exposed the information of more than 4,000 models, leaking almost 900k files with sensitive information and that could even have a real impact on the lives of those affected.
The data leaking was found as part of a massive web mapping project, using port scanning, particular IP blocks analysis, and testing systems looking for information leaking.
In their report, information security specialists say That PussyCash’s S3 bucket was fully exposed and unencrypted; using a conventional web browser, experts were able to access all the resources hosted in the bucket.
Finding the first signs of the data leak, vpnMentor experts believed that only a few records were exposed in an ImLive bucket; however, continuing the investigation found that PussyCash was the company that owned the bucket Amazon Simple Storage Service (S3).
The discovery took place on January 3 and, just hours later ImLive, PussyCash and Amazon had being notified. A couple of days later, ImLive managers responded to the report, although PussyCash still does not issue any official messages.
Regarding the exposed bucket, it has at least 875,000 keys, which represent different types of files, including videos, photos, video chat screenshots, marketing content and Zip files. In addition, information security experts mentioned that, inside each zip folder are many other files (photos, videos, personal scanned documents), and content that the researchers decided not to open.
The compromised information includes personal data and documentation from thousands of models around the world (mainly Europe and North America), who use these platforms to generate some money through adult content. The information presented varies depending on the place of origin of the models; however, the data they must send to these platforms is similar, so basically general the exposed information consists of:
- Full names
- Date and place of birth
- Nationality/citizenship
- Passport details
- ID photo
- Personal signature
As already mentioned, the files include scans of official documentation and bank cards. As if that weren’t enough, the files also include copies of model contracts with these platforms, including permissions to use your image, which makes the outlook worse for models, information security experts say.
Among the main risks to which models are exposed due to this incident are:
- Identity theft
- Electronic fraud
- Extortion
- Possible breach of contract with the chat platform
- Harassment, among others,
Information security specialists from the International Institute of Cyber Security (IICS) believe that the company may have prevented this mass-reporting by implementing a few basic security measures, such as the establishment of appropriate access rules, ensuring your servers and enabling multi-factor authentication. While these are elementary measures, their absence remains the cause of most similar incidents reported, even above cyberattacks.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.