Security breaches are not anything new for the tech world but in some cases, the result can be potentially more disastrous than the others. In one such case, 380,000 accounts from porn website xHamster were reportedly compromised in a security breach, which further revealed that 40 email addresses belonged to US Army and around 30 from other government bodies in the US, UK, and other countries.
The database of the compromised accounts contains usernames, email addresses, and poorly-hashed passwords, as per a report by Motherboard (which was tipped by subscription-based security breach notification service LeakBase). However, xHamster has denied that there was a successful security breach in a response to Motherboard.
“There was a failed attempt to hack our database which occurred 4 years ago. The integrity of our user data is secure. Passwords are encrypted and impossible to hack. In short, this was a successful fhack; and a failed hack,” xHamster’s spokesperson told Motherboard. The spokesperson said that the user accounts on the website are encrypted and “impossible” to hack.
However, Motherboard claims that the website independently checked the leaked email addresses and usernames on the website, and was served a notice that said that they already existed on the site. The hashes in the database have reportedly been created with ageing algorithm MD5 that can be cracked with ease.
Even though xHamster is a free porn site, users generally sign up in order to post comments on videos, upload their own videos, or keep a collection of favourites.
The report doesn’t exactly reveal when the hack occurred but says that it happened around the same time a hacker found vulnerability in the website.