On October 18, 2018, a hacker compromised the database of the adult entertainment website Wife Lovers.
In this article, you will learn about the Wife Lovers hack and how you can protect yourself from this type of data leak.
The Wife Lovers Hack and Response
Wife Lovers’ site owner closed the site three days after receiving a notification that the site has been compromised.
A notice was immediately placed on the site warning users to change passwords on other sites, especially if they were identical to the passwords on the hacked site.
The site had been operating for 21 years until the hack. According to Robert Angelini, Wife Lovers and the seven sites had less than 107,000 people posting to the site frequently.
In an email responding to the hack, Angelini said:
“It doesn’t matter if we are talking about 29,312 passwords, 77,000 passwords, or 1.2 million or the actual number, which is probably in between. And as you can see, we are starting to encourage our users to change all the passwords everywhere.”
A notice on the website explained that the compromise was noticed when an “unnamed security researcher” exploited a vulnerability to download message board registration information.
The researcher informed Angelini that they were not going to publish the information but ended up doing that to identify the breached websites. A seemingly white hat hacker turned out to be a black hat hacker in disguise.
The hack was possible due to the DEScrypt algorithm used by the sites to encrypt user data. The encryption mechanism was extremely weak, according to hacking experts.
DEScrypt was created in the 1970s and was adopted by the National Security Agency (NSA), who made some modifications to their version. The regular version makes it nearly impossible for users to use strong passwords.
Security researcher Troy Hunt analyzed the hack. He tweeted the details.
It took password cracking expert Jens Steube seven minutes to decipher the given hash on Twitter.
The breach only affected free users of the site because the site stores details of paid users separately, according to a company statement.
What Could This Mean For Users?
Adult sites like Wife Lovers are prime targets for hackers due to what they can do with such information.
For instance, the 2015 hack of Ashley Maddison led to several follow up attacks. The breach made the intimate details of 36 million accounts public. The following weeks saw victims receiving emails threatening to inform their spouses and loved ones about their infidelity.
Although the Wife Lovers hack may not be as massive as the Ashley Maddison, the consequences could be more damaging.
An examination of the exposed data by Ars Technica revealed the potential damage that it could cause. A web search of some private emails in the breach shows a connection with Amazon, Instagram, and other big sites. These connected accounts gave away the user’s real name, geographic location, information about family members, and other personal details.
With this information, bad actors can target victims and blackmail them. In some cases, hackers also use such details for identity theft.
What Should I Do If I Ever Face This Situation?
To avoid this situation entirely, you should use different emails for non-essential platforms. Furthermore, to avoid panic during a site compromise, passwords should be different across sites to prevent a situation where a breach of a single account can lead to many more.
However, if you fall victim to such a hack, the best step to take is to update your passwords on all sites. Also, change your usernames on other sites if it is similar to the hacked website.
The most important tip to follow while you surf the web is to avoid sites that have poor user data protection. If you don’t trust the website to protect your data, don’t give it to them.
Learn more ways to protect yourself online by reading our article on Top Privacy Tools To Protect Yourself Online.