How much do you like watching adult films? Because they seem to enjoy watching you, and now they’ve got their hands wrapped around your personal info.
When you sign up to a porn site, you expose a lot of sensitive personal info without even knowing it. To demonstrate this fact, a mystery man who describes himself as a “white hat hacker” claims he’s acquired tens of thousands of customer records from popular website GayHoopla (which features models like Alex Jones and Sean Costin, pictured) and its cousin site, HotGuysFuck.
Related: Grindr Hacker, Like Many Of The App’s Users, Gets Off Easy
“When I alerted the sites of their massive security issues, the owners just ignored me,” he tells Motherboard via encrypted email. “I thought they would take it more seriously if I showed them the data. Unfortunately, that didn’t work either; they just sent me weird threats.”
How about we take this to the next level?
Our newsletter is like a refreshing cocktail (or mocktail) of LGBTQ+ entertainment and pop culture, served up with a side of eye-candy.
Most of the data was easy to obtain and in fact publicly exposed; the rest was obtained by chipping away at overt vulnerabilities to the site’s design.
To demonstrate he means business, GP Whitehat showed Motherboard a slew of plain text passwords, email addresses, user names, and IP addresses.
Both websites are owed by Blurred Media LLC.
“This really angers me that they couldn’t/didn’t catch this breach,” one GayHoopla member said.
Related: ISIS Twitter Accounts Hacked With Gay Porn, Rainbows Galore
GP Whitehouse has in his possession about 30,000 records, some of which also include home addresses. (And if you’re a member of VoyeurBoys, beware, because he’s obtained data from that site, too.)
According to a harried rep for Blurred Media LLC, “This individual has refused to identify himself to us or discuss how or even why he has attacked us. He has admitted to stealing our private property, has issued threats against us personally and our business, has vandalized a part of the website, and has used the stolen property in an attempt to damage our business.”
GP Whitehat has allegedly threatened Blurred Media LLC’s owner by sending him an email that contains their Social Security Number, a fact verified by Motherboard.
The hacker assures the publication that he’s never been employed or affiliated with the sites. “I am categorically not a former employee, associate, or contractor of the site, nor do I know any.”
He promises the data will neither be publicly distributed nor put on sale.
Then again, hackers are notorious for their wild ways.
Related: Ass Appeal: Queerty’s 10 Favorite Male Nude Photo Leaks
Bob LaBlah
“Most of the data was easy to obtain and in fact publicly exposed; the rest was obtained by chipping away at overt vulnerabilities to the site’s design.”
He found that data by mining for it. I have to side with the owners of the site for threatening to beat his rear end for doing so because only a person hellbent to find information like that would have done that. So what’s next? Either buy his idea of “security” or he informers the sites customers?
Bob LaBlah
I have clicked on several “third party” sign-in commenters here on Queerty and was blown completely away with the b/s that they were peddling. Rather then click on the reply tab I simply type in the name and go from there when it is a third party. Be careful when you click on “links” because you never know where they are going and who follows up on them or for what reason. Click at your own risk.
ymck
@Bob LaBlah: Someone hellbent on a job in computer security or just kinda bored. It’s really not hard with a free or open source tools.
Bob LaBlah
@ymck: What I wonder is how many of these hacked people proved to be worth the time it took to hack into their base. The majority of all credit cards are maxed out anyway so where is the “profit”. or justification for all the effort? I don’t get it. I have said only a person with a sick mind would bother doing something like that. Imagine sitting in front of a computer and watching someone do nothing else for hours, days, weeks of reading news articles and enjoying the fact that they know you don’t know they are watching you. Sick, isn’t it?
Invader7
Won’t join those sites or any others. I get my FREE porn through search engines-could care less if Goolge or the FEDs know what I’m watching. They’re probably getting off to it too !!!
enfilmigult
Stupid, stupid stupid website administrators. This is a very standard practice in cybersecurity—if they don’t listen when you point out a flaw, you prove the flaw exists. That they’re in a tizzy now and claiming he hasn’t said why he did it is, well, insane. He’s pressing the problem right into their faces and they still don’t get it.
I actually like GayHoopla’s stuff and might have gotten a membership, but no fucking way now, if those are the clowns handling personal data.