It has recently been revealed that a database holding sensitive personal information of models and users from a popular adult cam site was discovered online. The data breach, affecting the Stripchat website, potentially places both models and users at significant risk.
What details were found in the Stripchat data breach?
Bob Diachenko, Comparitech’s head of security research, found the database on an Elasticsearch cluster in early November. The database contained 200 million Stripchat records in total. The data included 65 million user records, showing:
- Email addresses
- IP addresses
- Tips users paid to Stripchat models
- Timestamps of when user accounts were created
- Last payment activity
A separate database held over 420,000 Stripchat model records, which included:
- Their Stripchat username
- Their gender
- Their Stripchat studio ID
- Tip menus and prices
- Live status
- Their “strip score”
The databases were secured on November 7th, two days after Diachenko’s discovery. However, it remains unknown whether anyone was able to access the data before this date.
Diachenko told Threatpost, which reported on this story: “The exposure could pose a significant privacy risk for both Stripchat viewers and models.
“If the data was stolen, they could face harassment, humiliation, stalking, extortion, phishing and other threats, both online and offline.”
“Victims should be on the lookout for targeted phishing emails from fraudsters posing as Stripchat or a related company. Never click on links or attachments in unsolicited emails.”
One concern is that, while many Stripchat users likely take steps to conceal their identity, specific data footprints may be cross-referenced with other data breaches to build a more comprehensive profile of those involved. In turn, this could lead to more aggressive attempts at fraud.
Diachenko continued: “Stripchat data, in fact, does not reveal a lot of personal info, and I do feel that a lot of users visiting such sites prefer not to state their real identities, emails etc.
“They mostly use VPN services, too, to hide their IP addresses. Still, a lot of this info can be matched with other data breaches and some additional data would come up, that’s my point here.”
“Sites like Stripchat should have stronger security practices and at least employ incident response protocols when receiving alerts like this from the security community.”
Stripchat plays down the level of risk
Responding to an email from Threatpost, Stripchat’s Max Bennet said the information exposed was limited. Bennet told Threatpost: “Information on 134 million transactions occurring were exposed, however, no information was leaked regarding the payment details.
“Finally, information on at least 719,000 chat messages (was exposed). No content of the private messages was revealed, though.”
Do “lewd” phishing lures pose the most significant risk to users?
It is thought that lewd phishing lures pose the greatest potential threat to users whose email addresses were exposed in the Stripchat breach. Of particular concern is the potential for individuals to be targeted in business compromise campaigns. Such campaigns see people targeted via their personal and business email addresses, but primarily the latter, with threats to expose their activity on adult websites. Receiving such communication at work can be unnerving, especially if you have a Stripchat account or are a user of another similar platform. As well as posing as Stripchat to try to acquire your details, criminals may outright threaten to expose you unless you pay them a ransom fee.
Such threats have increased significantly in the past two years, with the Covid-19 pandemic increasing both the use of sites like Stripchat and instances of data breaches and attempted phishing scams.
Was your data compromised in the Stripchat breach? You could be entitled to compensation
If you’re a Stripchat user who had your details compromised as a result of November’s database discovery, you could be entitled to compensation.
We’ll deal with your enquiry discreetly on your behalf, so you can get the compensation you deserve.
Contact us here for a free, no-obligation review of your potential claim.