An online database containing 12 million records allegedly from the porn studio and site Bangbros, including IP addresses, usernames and porn performer statistics, appear to have leaked online recently.
In early June 2024, researchers from the Cybernews website’s research team discovered the alleged leak in the form of an unprotected Elasticsearch cluster comprising over 8 gigabytes of Bangbros user data. Elasticsearch is a data storage and search tool.
The researchers said that the alleged leak probably occurred due to a configuration error that left the data unsecured. The error was fixed after Cybernews contacted Bangbros, resulting in the data being taken offline.
Although the information in the alleged leak is no longer available online, its previous availability raised the prospect of it being scraped, stored and potentially used in nefarious or illegal ways. It also highlights the potential risks of submitting personal information to porn sites, even if they make assurances about data protection.
Bangbros users’ real names were not included in the leak, although usernames and IP addresses were, raising the potential for them to be used to identify users. Cases of criminals using porn to blackmail or coerce people have become more common in recent years. People who live among conservative societies, where being exposed as a porn user could have significant negative consequences, can be particularly at risk.
The alleged data leak also included information about messages on the site, the countries users were registered as living in, plus users’ geolocation accurate to a distance of around 11 meters. Porn performers’ names, registered genders and descriptions, plus statistics about their view counts, upvotes and downvotes were also featured.
Although the alleged leak was taken offline after Bangbros was alerted to it by Cybernews, Bangbros did not comment on it.
Porn sites have come under intense scrutiny recently in many countries, as authorities in various regions seek to make them more accountable for the content they host and access to the site. Bangbros is based in Miami in the US: a country in which lawmakers have been targeting porn providers particularly intensely.
Much of the scrutiny is based around age verification, including efforts to ensure that minors don’t access porn sites. Porn sites allegedly leaking user and performer data will further highlight the lack of trust many have in such sites.
Sites such as Pornhub, owned by the company Aylo, have recently attempted to brand themselves as ‘ethics-first’ firms and sites, that take user data and age verification seriously.
In 2005, Bangbros was sued by the US government for allegedly not labelling the company’s emails as “sexually explicit”, as it was required to do so under Federal Trade Commission rules. Bangbros settled the case for $650,000.
Leave a Reply