Keeping sensitive information secure is getting more difficult by the minute, especially during this pandemic. That’s because cybercriminals are constantly on the attack, adding high tech tools to their arsenal that help them spoof websites, create impressive phishing emails and hack into websites to steal data.
A recent example was when hackers stole more than 200 million Facebook users’ profile information and put those records up for sale on the Dark Web. Tap or click here to find out if you’re at risk from that breach.
It’s bad enough trying to fend off hackers from digging into our personal information, but it’s even worse when it’s exposed by the carelessness of a website. This is exactly what just happened with and adult streaming site that exposed around 11 million users’ personal records.
Data leak exposes personally identifiable information
Security researchers at Safety Detectives recently discovered a database that was left unprotected for anyone to see. And it was a massive database that included over 7 terabytes worth of intel on users of the adult streaming website Cam4. The total number of records is astounding at nearly 11 billion!
The site is intended for adults only and is used mostly by amateur webcam performers. Customers can buy virtual tokens and tip performers or pay for private shows. You might find this unseemly but you’d be surprised at just how popular these types of sites are.
In fact, it’s estimated that Cam4 has around 2 billion visitors worldwide each year. The total number of users impacted by this data leak isn’t known, as numerous emails showed up multiple times in the database. However, it’s estimated that over 6.5 million victims live in the U.S.
You may also like: Can these smart glasses tell you if someone has COVID-19?
What makes this data leak so frightening is the information that was exposed and how criminals could use that intel. Names, email addresses and payment logs were included, which could lead to numerous bad outcomes. For one, with this info and just a little know-how, a crook could steal someone’s identity.
Another way a victim could be taken advantage of is by the growing threat of “sextortion.” That’s when a scammer has just enough personally-identifiable information (PII), like what was exposed in this data leak, to threaten someone with sextortion.
Typically a sextortionist will send the victim a message that includes data they shouldn’t have, like credentials to an adult website along with payment information, and tells them they will share this info with the victim’s family and friends unless they pay a ransom to keep them quiet.
In many cases, sextortion scams are just nonsense and the thief doesn’t actually have the goods. Here’s a recent example of a nonsensical sextortion scam. Don’t fall for this cleverly disguised ‘sextortion’ scam
The Cam4 data leak could provide shady bad actors enough intel to at least embarrass someone. Here is a list of some of the leaked information.
Unsecured Cam4 information:
- First and last names
- Email addresses
- Country of origin
- Sign up dates
- Device information
- Payment logs including credit card type, amount paid and applicable currency
- User conversations
- Transcripts of email correspondence
- Token information
- Password hashes
- IP addresses
- Fraud detection logs
- Spam detection logs
As you can see on the list of exposed data, payment logs were included. At this time it’s only believed that credit card type and the amount paid were included, not the actual card numbers or sensitive banking details. We’ll update this report later if it turns out credit card or bank account numbers were exposed.
What can you do to protect yourself?
Whenever there is a major data breach it’s a good idea to take security steps to keep your information safe. Here are a few suggestions:
Change your passwords
The very first thing to do following a data breach is to change your account password. In this breach, passwords were hashed but that doesn’t mean you should trust them to be safe.
To be on the safe side it’s best to change your password ASAP. If you’re using the same password on multiple sites change it on those as well and from now on create strong, unique credentials for every online account. Tap or click here if you need help creating better passwords.
Beware of phishing scams
Now that this data breach is widely known, scammers will try and take advantage of it by creating phishing emails or texts to find new victims. The messages could be disguised as being from the impacted company and offering information or help to protect your data.
However, the included links and attachments could be malicious and lead to infecting your device with malware. The safest practice is to avoid clicking links or opening attachments found inside unsolicited emails.
Or, as we explained earlier, you might receive a sextortion threat from a scammer. Ignoring them is your best bet.
Keep an eye on your financial statements
The exposed data in this breach didn’t include credit card numbers or bank accounts, at least that we know of. But, it’s better to be safe than sorry.
Keep a close eye on your bank accounts and credit card statements, and watch for suspicious activity. If you see anything that looks out of line, report it immediately to your financial institution.
Protect against identity theft
Identity theft is one of the fastest-growing crimes in the U.S. According to the Federal Trade Commission, as many as 9 million Americans have their identities stolen every year. Data leaks like this one give thieves the intel they need to pull it off.
What’s the best way to protect yourself? You need an identity theft protection company you can trust. We recommend Identity Guard.
Get up to 33% off for Kim’s audience only, with plans starting at less than $7 a month at IdentityGuard.com/Kim.
Data breaches and leaks like this are very common these days. The best way to avoid falling victim is by taking the safety precautions that we’ve outlined here and staying informed on security threats. Knowledge is power after all.