Data Leak Archives - The Dark Web Journal

How an Adult Website Hack Exposed 1.2 Million Wife Lovers

4 years ago in Uncategorized by Antonio Brown

On October 18, 2018, a hacker compromised the database of the adult entertainment website Wife Lovers.

In this article, you will learn about the Wife Lovers hack and how you can protect yourself from this type of data leak.

The Wife Lovers Hack and Response

Wife Lovers’ site owner closed the site three days after receiving a notification that the site has been compromised.

A notice was immediately placed on the site warning users to change passwords on other sites, especially if they were identical to the passwords on the hacked site.

The site had been operating for 21 years until the hack. According to Robert Angelini, Wife Lovers and the seven sites had less than 107,000 people posting to the site frequently.

In an email responding to the hack, Angelini said:

“It doesn’t matter if we are talking about 29,312 passwords, 77,000 passwords, or 1.2 million or the actual number, which is probably in between. And as you can see, we are starting to encourage our users to change all the passwords everywhere.”

A notice on the website explained that the compromise was noticed when an “unnamed security researcher” exploited a vulnerability to download message board registration information.

The researcher informed Angelini that they were not going to publish the information but ended up doing that to identify the breached websites. A seemingly white hat hacker turned out to be a black hat hacker in disguise.

The hack was possible due to the DEScrypt algorithm used by the sites to encrypt user data. The encryption mechanism was extremely weak, according to hacking experts.

DEScrypt was created in the 1970s and was adopted by the National Security Agency (NSA), who made some modifications to their version. The regular version makes it nearly impossible for users to use strong passwords.

Security researcher Troy Hunt analyzed the hack. He tweeted the details.

13 chars base64 usually descrypt (-m 1500 in hashcat)

VTB3d1ZQYv.7o:ecotone
— hashcat (@hashcat) October 18, 2018

It took password cracking expert Jens Steube seven minutes to decipher the given hash on Twitter.

The breach only affected free users of the site because the site stores details of paid users separately, according to a company statement.

What Could This Mean For Users?

Adult sites like Wife Lovers are prime targets for hackers due to what they can do with such information.

For instance, the 2015 hack of Ashley Maddison led to several follow up attacks. The breach made the intimate details of 36 million accounts public. The following weeks saw victims receiving emails threatening to inform their spouses and loved ones about their infidelity.

Although the Wife Lovers hack may not be as massive as the Ashley Maddison, the consequences could be more damaging.

An examination of the exposed data by Ars Technica revealed the potential damage that it could cause. A web search of some private emails in the breach shows a connection with Amazon, Instagram, and other big sites. These connected accounts gave away the user’s real name, geographic location, information about family members, and other personal details.

With this information, bad actors can target victims and blackmail them. In some cases, hackers also use such details for identity theft.

What Should I Do If I Ever Face This Situation?

To avoid this situation entirely, you should use different emails for non-essential platforms. Furthermore, to avoid panic during a site compromise, passwords should be different across sites to prevent a situation where a breach of a single account can lead to many more.

However, if you fall victim to such a hack, the best step to take is to update your passwords on all sites. Also, change your usernames on other sites if it is similar to the hacked website.

The most important tip to follow while you surf the web is to avoid sites that have poor user data protection. If you don’t trust the website to protect your data, don’t give it to them.

Learn more ways to protect yourself online by reading our article on Top Privacy Tools To Protect Yourself Online.

What the Fappening 2.0 Can Teach Us About Personal Cybersecurity

4 years ago in Hacking by Antonio Brown

A major hack that led to the release of intimate photos of celebrities resurfaced again in 2017 dubbed the Fappening 2.0.

In this article, we look at the event and what it can teach us about personal cybersecurity.

What is the Fappening 2.0?

In 2014, a major leak occurred that included several intimate photographs of celebrities and other known people. The unfortunate event repeated itself in 2017, leaking private photos of hundreds of celebrities.

Fappening 2.0, also known as Celebgate 2.0, started with the circulation of private photos of Emma Watson and Amanda Seyfried on the dark web. Later, these images found their way to 4Chan and then to Reddit. According to a report by Softpedia, the Fappening 2.0 affected several dozen other celebrities.

Rose McGowan (actress), Paige (WWE star), Katie Cassidy (actress), Alyssa Arce (model), Rhona Mitra (actress), Analeigh Tipton (figure skater & actress), Kristanna Loken (actress), April Love Geary (model), Iliza Shlesinger (comedian), and Lili Simmons (actress) were among the victims.

Just like the first Fappening event, these images were stolen by targeting cloud accounts containing pictures of these celebrities.

One of the hackers arrested concerning Fappening 1.0, Edward Majerczyk, revealed the method through which he obtained these pictures. According to Majerczyk, he sent phishing emails to his victims that appeared to be security messages from Internet Service Providers.

The Department of Justice reported that “Majerczyk accessed at least 300 accounts, and at least 30 accounts belonging to celebrities” from November 2013 to August 2014.

Anyone could be in this situation due to the general lack of security consciousness among internet users.

The rest of this article looks at measures we can take to avoid being victims of hackers.

What the Fappening Can Teach You About Cybersecurity

People use the internet for several things, and one of them is to share private information like photos. However, sending private information across the internet is risky without the appropriate protection.

When you share information, the protection of the data depends on the parties you share them with. This is very true for private content usually shared among couples. Your other half is required to protect the data as much as you do to prevent loopholes that can be exploited by bad actors.

One of the effective ways to ensure security on both ends is to use applications that exist for the private exchange of information.

Chat applications like Signal and Telegram (secret chat feature) provide better security for intimate conversations.

Signal

Signal is a privacy-centric messaging app that uses end-to-end encryption by default. Moreover, Signal doesn’t store any message metadata or use the cloud to backup messages like What’s App.

Using this application for general chats, especially private chats, is a better option than using most apps. For instance, the European Commission asked staff to move all instant communication to Signal in February 2020.

Telegram Secret Chats

Telegram’s secret chat is popular among young people for intimate conversations. This feature is different from regular chats and requires you to start a new “secret chat” conversation with people to use it.

Secret chat uses end-to-end encryption by default and leaves no trace on Telegram servers. Also, you can’t message forwarding from secret chats, and you are informed of any screenshots or screen recordings done by the other party.

More Steps to Protect Your Privacy

Beyond using private chat platforms, there are other steps to take to ensure that your private data is protected.

Avoid Auto Backup of Photos on Cloud

Do not backup intimate photos on the cloud. In most cases, you do not intentionally save these photos or videos to the cloud as back up to cloud storage is mostly automatic.

To avoid saving unwanted photos to your cloud storage, disable automatic backups, or frequently check your cloud storage application to remove unwanted images permanently.

Use Strong Passwords

Always us strong passwords set for your personal accounts like email and social networks.

A strong password can not be guessed easily based on your personal information. Also, avoid using the same password for all accounts on the internet.

Additionally, a second layer of security makes it more difficult for hackers to access your accounts. Two-factor authentication (2FA) and security device keys are excellent tools to protect your most important accounts.

Don’t Fall for Phishing Emails

It is unlikely that you have not yet received phishing emails given their prevalency today. Most are easy to recognize as they are obviously not from a real service provider. However, hackers are getting more and more sophisticated.

To ensure you don’t fall for a phishing email, avoid clicking on links in emails and do not download attachments. Unless you are expecting an email from service provider, it is better to access the platforms directly. And not through links in an email.

The Bottom Line

The burden to keep yourself safe on the internet starts with you. Something like the Fappening could happen to you too if you fail to take personal cybersecurity seriously.

If you decide to keep private information online, make sure you take the neccessary steps to ensure that bad actors can’t access it.

More importantly, if you want to be sure that private pictures cannot leak online, you simply shouldn’t take any.

You should also read our article on the Top 5 Privacy Tools You Can Use To Protect Yourself Online.