Leaky CAM4 database leaves nearly 11 billion items of personal customer data exposed

0
Cam4 data leak

An absolute treasure trove of stolen data has been discovered, in the form of an unsecured database from cam site CAM4.

Researchers from Safety Detectives discovered a seven terabyte (7TB) database containing 10.88 billion records from CAM4, including personal information and chat records.

Personally identifiable information including payment logs and IP addresses were found in the database, which appears to date back as far as March 16, 2020, according to the researchers.

Password information was visible (though partly hashed) and credit card amounts and types were also included, all tied to the same accounts as some rather explicit chat logs. Device information, customer service logs, preferences and orientation were all in the trove.

Worst hit was the US, with 6.55 million records exposed, followed by Brazil, Italy, France, Germany, Spain in descending order. The UK had 1.62 million records exposed.

As noted by the researchers, it’s the smaller number of cases where multiple pieces of information about a single individual have been obtained.

“Altogether, a ‘few hundred entries’ revealed full names, credit card types and payment amounts. The combination of all three is a critical aspect — as opposed to having limited access to just payment amounts without full names — because in unison they create a far greater security risk compared to just one or two information points in isolation,” they said.

The data was hosted by ElasticSearch in a full production database. Often, databases (not just those from ElasticSearch) are unencrypted by default, and have to be scrambled as part of the set up process. That means that human error is as likely as any sort of foul play.

It wasn’t established by the researchers whether anyone had accessed the data, but given that it was in the public domain, it’s quite possible. As well as customer information, the data also included information on spam and malware combatant policies that would be very useful in the wrong hands.

It’s not even a case of ‘in theory’ – you may remember a few years ago, dedicated adultery portal Ashley Madison was clobbered for 37 million records which were then used as blackmail fodder against users.

The offending CAM4 server has now been taken offline, but the data may already have been copied. If you’re a CAM4 user, we’d recommend changing any passwords which are shared with CAM4, and keep an eye on your identity for a bit, just in case.

Read Next: VR Live Cams Have Fizzled, But DreamCam Wants to Change That

Affiliate Disclosure
Some articles contain affiliate links that allow us to earn money if you decide to purchase any of these products or services. This does not cost you any extra, and it allows us to continue to run this independent website without ads. Affiliate links have no relation to review ratings or other editorial coverage. You can read the full policy here.

Chris M
Chris M

Chris has worked in technology journalism for over a decade, and brings his nerdy expertise to looking at what goes on under the hood of sex tech. With over a decade of expertise in his field, Chris brings a nerdy perspective to his exploration of the fascinating world behind the scenes. His articles have graced the pages of renowned publications such as Engadget, TechRadar, AskMen, and The Register.

Be the first to leave a comment
Leave a reply

Want more?
Facebook
X / Twitter
YouTube
Reddit
Mastodon
Black Friday 2023 is coming. Don't miss the VR dealsvibe offersstroker specialsAI discounts
Comparisons and Guides
Best VR Porn Sites
Best Gay & Trans VR Porn Sites
Best AI Porn Generators
Best AI Girlfriend Apps
Best XXX Cam Sites
Best Chromecast Porn Sites
Best Porn Apps
Best iPhone Porn Sites
Sound-responsive Vibrators
OnlyFans Alternatives
Best Toys for People with Disabilities
Best Mini Vibrators
SEXTECHGUIDE® is a trading name of BBT Media Limited. Copyright © 2016 - 2023. All Rights Reserved. BBT Media Limited is registered in England and Wales with the company number 10288724. Address: 86-90 Paul Street, London, EC2A 4NE.
SEXTECHGUIDE
LATEST
Comparisons and Guides
Best VR Porn Sites
Best Gay & Trans VR Porn Sites
Best AI Porn Generators
Best AI Girlfriend Apps
Best XXX Cam Sites
Best Chromecast Porn Sites
Best Porn Apps
Best iPhone Porn Sites
Sound-responsive Vibrators
OnlyFans Alternatives
Best Toys for People with Disabilities
Best Mini Vibrators