Hackers Punish Celeb Nudie Gawkers
Data dump; Software vulnerability
A database has leaked from a forum dedicated to sharing pictures of undressed celebrities, inspired by those stolen from Apple's iCloud in ‘The Fappening’ of 2014.
The thefappening.so/forum bulletin board, which also includes a section entitled ‘Photos of Our Wives,’ was built off PHP software, programs that are vulnerable to database hacks.
The information compromised includes usernames, IP addresses, email addresses and passwords, though passcodes were protected by bcrypt hashes.
A security researcher received the data from a contact who seemed to be involved in the trade of leaked information. One email address in the data dump contained a .gov suffix.
He mocked those affected in another tweet that read “Pro tip too - if you're gonna sign up to a forum like that, perhaps not use your .gov email address...”
Malwarebytes security analysts noticed that the mobile version of the forum site contained several compromised accounts, dubiously worded advertisements, malvertising, rogue mobile programs, and redirects to “ransomware” websites that lock victims onto webpages, according to an April 14 blog post.
Among the malicious ads researchers spotted were a pornographic popup that attempted to load SLocker ransomware, a bogus United Nations warning, and other messages attempting to extort users.
April 14, 2016
Link to report
location of breach
location of perpetrators
date breach occurred
date breach detected
April 12, 2016