Hackers have managed to hack into the database of the Candid Board, a leading upskirt porn site, and expose the data of more than 180,000 users of the site; it has been reported.
The hackers managed to access the database of the site back in September last year and steal all the relevant data of more than 180,000 users of the site.
Some of the details of the users of the site that was stolen include their email addresses, details about dates of birth and even basic weblog details such as the last time that the individuals logged onto the site or made a post.
It has been reported that a source familiar with how the hacking was carried out has indicated that a misconfiguration of the database of the site allowed the hackers to access it.
Candid Board is an underground upskirt porn site that lets users upload photos, videos and sound clips of unsuspecting people engaging in sexual activity. Members of the site can then access the voyeuristic uploads at a flat monthly fee of $19.99.
It has been reported that once the hacker had successfully accessed the database of the site, he chose to contact the hosting service of the website rather than its admins.
‘Rather than try to contact the administrators of the site who, are clearly, not interested in being tracked down, I decided to contact Webair,’ the hacker is reported as saying.
Webair is a leading cloud-based web hosting company. It is further reported that the tech support team of the company quickly accepted that they had noticed an in the functioning of the Candid Board website and promised to contact the administrators of the site immediately.
‘We had a brief conversation with a member of the Webair tech team, and he promised to get in touch with the client immediately,’ the hacker is reported to have said.
But security experts have repeatedly expressed shock at how the hacking has exposed how careless many people are. Of great concern is the manner in which individuals are using their real and official email addresses to sign up to sites that operate by taking advantage of the grey areas in the law.
Tests that were conducted on the leaked data showed that many members were using their real email addresses, with some bearing the domain names of government departments in the UK, Wales and US.
According to Troy Hunt of HaveIBeenPwned, people should avoid using their formal email addresses or sharing a lot of personal information on such sites because it is easy for a determined expert to unravel the identity of members of such sites.