15.7M Users Exposed Due To A Misconfigured NSFW Server

Are you among the exposed users? 🧐

This year has turned out to be rich on data leaks that resulted because of simple neglect of service owners. For example, here researchers have detected an unsecured database belonging to a software vendor StoreHub.

The same way in July, a popular Chinese adult-content platform Hjedd has leaked 24Gb worth of users data. The leak happened due to a misconfigured ElasticSearch instance, making data accessible to anyone on the Internet.

An ElasticSearch is a popular NoSQL database and, the most popular search engine. It’s is commonly used for log analytics, full-text search, security intelligence, business analytics, and operational intelligence use cases.

^{_{Photo by GuerrillaBuzz Blockchain PR Agency}}

During this incident personal information of 14 Million users have been leaked online. What’s worse is that the server remained open for unknown period of time exposing newly registered users instantly.

Another NSFW platform leak

In October another data leak has appeared in an underground hacking forum. The author specified that another NSFW website has suffered a data breach, this time, it was Haijiao. The scenario of this data leak is exactly the same as the one of Hjedd: a misconfigured ElasticSearch exposing personally identifiable information of platform users. The primary analysis made by Kaduu researchers shows that the websites are actually sharing the same database. Meaning Haijiao is probably just a mirror for Hjedd or vice versa.

The newly shared leak consists of about 15.7 million records. The following sensitive data has been found in this database:

Email addresses
Login IP addresses and supporting details
Usernames
Passwords in Bcrypt hashed version
Nucknames
Phone numbers
Private messages between users revealing NSFW contents
Member details and website activity, including users’ comments

It is still unclear if Hjedd has fixed the issue with database open access in July and repeated the same mistake in October. Or, the server remained unsecured during all these months.

Read our similar story about misconfigured AWS S3 bucket, that exposed hundreds of thousands lines of US student’s personal information.

Stay up to date with exposed information online. Kaduu with its cyber threat intelligence service offers an affordable insight into the darknet, social media and deep web.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.