Over 72 million account credentials discovered on the Dark Web by security researchers were found to be stolen from popular adult content websites in the last two years, Kaspersky Lab has revealed.
Visiting popular adult content websites could expose unsuspecting users to hackers as such websites are often injected with specialised malware designed to steal users’ credentials.
A new report from Kaspersky Lab has revealed how hackers are successfully leveraging popular adult content websites to steal millions of account credentials and put them up for sale on the Dark Web. Such credentials are purchased by those seeking to create duplicate identities in order to make purchases in the name of the original users and to conduct social engineering attacks like phishing and spoofing.
After analysing openly available information on leaked account credentials, researchers at Kaspersky Lab revealed that millions of account credentials have been stolen from the likes of Cams.com, Penthouse.com, Stripshow, xHamster and Brazzers.
‘Based on our brief dive into open sourced information, since 2016 more than 72 million sets of account credentials for adult content websites were stolen and later appeared online. These include data from Cams.com (62.6 million), Penthouse.com (7.1 million), Stripshow (1.42 million), 380,000 of xHamster accounts, and about 791,000 thousand from Brazzers data.
‘And these stats do not include the enormous leak of around 400 million sets of credentials from the AdultFriendFinder website – which focuses on setting up offline encounters rather than content for viewers,’ they said.
Upon further analysis, the researchers found as many as 27 different malware variants that are being actively used to steal user credentials from paid-for adult content websites. Last year, more than 300,000 attacks were launched using these variants on more than 50,000 PCs across the world. Account credentials were also stolen from other adult content websites like Naughty America, Brazzers, Mofos, Reality Kings, and Pornhub.
They noted that 1.2 million mobile phone users were also exposed to malware last year after visiting adult content websites, and that popular porn apps for Android were riddled with all kinds of rooting malware, malicious clickers and banking trojans.
‘Bankers and ransomware have also been using porn for their distribution for a long time – mostly under the guise of a specific porn player, which instead of showing porn compromises the security of the attacked device and the device's financials,’ they added.
They said that one of the reasons why adult content websites are so attractive to hackers is that even if a victim finds out that his credentials were stolen or his device was injected with malware, he is unlikely to report the crime to anyone as he would have to admit that he was watching porn. This secrecy, out of fear of embarrassment, gives hackers a free run as their crimes go largely unreported.
As such, desktop and mobile users should visit only adult websites that are trusted and feature the latest security certificates. At the same time, they should avoid downloading porn apps from third-party app stores, even if such apps offer content that may not be offered by apps available on official app stores.
In October last year, millions of people who visited Pornhub in the United States, the UK, Canada, and Australia in the past year were exposed to ad fraud malware which hackers had injected into the site by placing fake browser update adverts. Users of Google Chrome, Firefox and Microsoft Edge browsers were equally exposed to the ad fraud malware.