StripChat, one of the top five adult cam services on the internet, had a security breach, exposing the personal information of millions of users and adult models.
StripChat exposed its ElasticSearch database cluster on the internet without a password for more than three days between November 4 and November 7. Security researcher Bob Diachenko found the leak earlier this month.
The unprotected servers spilled a treasure mine of highly sensitive information, according to Diachenko, who reported his discoveries in a blog post published today.
Diachenko said he immediately informed StripChat about the leaking cluster after spotting the servers and determining that the data belonged to the company.
The cam site protected its server a few days later, according to the researcher, but without offering a response or explanation for what transpired.
Despite a serious security breach affecting the personal information of over 65 million users, StripChat has yet to publicly notify or acknowledge the problem as of this writing, an action that might result in a harsh GDPR fine for the Cyprus-based company.
StripChat has yet to respond to The Record’s requests for comment, which were issued via email and Twitter earlier today.
It’s unknown if anyone other than Diachenko discovered and accessed StripChat’s database, but if they did, the information would put everyone involved in danger.
After Cam4 disclosed 7 TB of internal data in May 2020 and PushyCash exposed the details of 4,000 cam models in January 2021, the StripChat incident is the third big security breach at an adult cam site operator.
Diachenko discovered a similar very sensitive data leak in August 2019 at a Spanish brothel chain that operates “men’s clubs” in Barcelona and Valencia, where prostitution is permitted but not in an organised fashion like brothel homes, which are still illegal.