A leaky database belonging to the infamous China-based adult platform Hjedd exposed sensitive information linked to more than 14 million user accounts.
According to security researcher Anurag Sen, the adult platform's servers were found leaking more than 24 GB of files containing user information. The server also continued to be updated while it was exposed, leaking more information every second.
The researcher added that no security or authentication was required to access the exposed server and extract user info, including:
- Usernames and nicknames
- Phone numbers
- Member details
- Comments
- Email addresses
- Bcrypt hashed passwords
- IP addresses and details
- Messages between users containing sensitive information
The stolen user data had also already surfaced on a dark web forum. Researchers at Hackread discovered last week that cybercriminals had posted a free download of the Hjedd database, which included the data of over 13.4 million user accounts.
Cybercriminals could easily use the personal information found in the leaky database to conduct targeted phishing and extortion campaigns against victims by threatening to reveal their identities to friends and family.
Users could also be at risk of account takeover attacks. In these attacks, cybercriminals could crack the password hashes to recover the passwords in plain text, then attempt to hijack accounts and steal financial info.