Adult Cam Site “CAM4” Has Exposed Highly Sensitive Data of Millions of Its Members and Users

Last updated September 25, 2021
Written by:
Bill Toulas
Cybersecurity Journalist

All breaches that expose PII (personally identifiable information) are bad, but those that come from adult websites are definitely the worst. CAM4, an adult live streaming platform that has around two billion unique visitors every year, has misconfigured an Elasticsearch cluster, leaving a set of production databases unprotected online and accessible by anyone with a Web browser. The discovery was the work of security researcher Anurag Sen, and while the response from the CAM4 team was immediate, the exposed records could have been copied by someone in the meantime.

[Image: cam4_batch. Source: safetydetectives.com]

The information that has been exposed includes the following details:

The number of records is 10.88 billion, so the amount of data that has been exposed is humongous. As expected, not all records are equally rich - some include payment details (credit cards and payment amounts), hashed passwords accompany others, and some have multiple email addresses connected with a single username. With all that was leaked, malicious actors could extort the exposed individuals, scam them, phish them, and generally set up highly targeted fraudulent operations. Blackmailing is the worst-case scenario, though, as many of the cam models on these platforms wouldn’t want their direct social circle or family to know about their side job.

[Image: cam_users. Source: safetydetectives.com]

The largest number of records concern users from the United States, and then there are many Brazilians, Italians, Germans, and users from Spain and France. The researchers have also located information that could enable actors to launch attacks on the website, as backend data was available for harnessing too.

In general, you shouldn’t trust any online platform with your identity, let alone those that can potentially radically affect your life. Thus, use anonymous email addresses, don’t connect social media accounts with these platforms, only give out the least possible identification details required for your registration, avoid using credit cards as a payment method, and always use unique and strong passwords.


