After a hacker downloaded the site’s servers, an online forum supporting female escorts and reviews of their services suffered a data breach.
EscortReviews.com is an online vBulletin forum community for adults that enables escorts located in the United States and Mexico to advertise their services, exchange profile photos, contact details, and biographies with prospective customers. Clients are then able to post reports of their encounters with the personal escort.
With over 2.4 million themes, 12.5 million posts, and over 470,000 users, the web is very active.
A threat performer posted a link to a stolen vBulletin forum database for the EscortReviews.com website this weekend.
This database contains registration information, including display name, email address, MD5 hash passwords, optional Skype account names, optional birthday address, and IP address, for over 472,695 users.
The platform is currently showing visitors an error in the vBulletin database. If the site is unavailable due to the posting of the database or whether the site has been permanently shut down is unclear.
The last cached Google search page from the site is from January 21st, 2021.
The site was running vBulletin 3.8.9, which has known vulnerabilities that could cause the site to be breached by attackers. It is unclear whether one of these flaws was used to hack the forum or whether the website left an unsecured online copy of the database.
Since the site uses MD5 hashed passwords that can be easily broken, it is strongly recommended that members use the same one to change their passwords at other sites.
Using Cyble’s AmIBreached data breach notification services, users of the EscortReviews.com platform may also verify if their information is part of the data breach.
Adult web data breaches, such as those advertising escort services or dating, can be devastating to users if their data is publicly revealed.
Threat actors can use this data to execute targeted blackmail or sextortion attacks, such as the attacks that occurred after the Ashley Madison data breach in 2015.
Perhaps worse, after information about their actions has been released publicly, there are reported cases of data breaches resulting in people committing suicide.