Exposed! Almost 800,000 Brazzers usernames and passwords revealed after forum hack

If you’re in the habit of frequenting porn websites, chances are that you don’t want the world to know about it.

So you can imagine that there will be some internet users feeling a little hot under the collar, and fidgeting awkwardly, at the news that the email addresses and plaintext passwords of almost 800,000 porn fans have been exposed through a data breach.

As Motherboard reports, some 790,724 unique email addresses and the associated usernames and passwords used by members of the Brazzers message forum have been… umm.. exposed.

Brazzers’ PR manager Matt Stevens told Motherboard that the data was believed to originate from a historic breach dating back to 2012 which exploited a vulnerability in the vBulletin forum software:

“This matches an incident which occurred in 2012 with our ‘Brazzersforum,’ which was managed by a third party. The incident occurred because of a vulnerability in the said third party software, the ‘vBulletin’ software, and not Brazzers itself.”

“That being said, users” accounts were shared between Brazzers and the ‘Brazzersforum’ which was created for user convenience. That resulted in a small portion of our user accounts being exposed and we took corrective measures in the days following this incident to protect our users.”

vBulletin, sadly, has a poor record when it comes to security – with many sites failing to keep the forum software patched and updated, leading to a long history of data breaches and exploitation. Examples of recent hacks blamed on poor maintenance of vBulletin include the attacks on the Epic Games and Clash of Kings forums.

It seems that Brazzers is still concerned that its online forum might be at risk as it is currently “under construction”.

A breach at a porn site, of course, has an additional element of concern that simply isn’t present with many other breaches.

With a traditional data breach you might be concerned that someone could use your account without your permission, or might attempt to explore if you made the mistake of reusing the same password on different sites – potentially unlocking your other online accounts.

When a site like Ashley Madison or Brazzers suffers a data breach, however, the stakes are higher and go beyond compromising online accounts. Floating around the internet now are the email addresses, usernames and passwords of close to 800,000 online porn fans.

That’s a goldmine for spammers wishing to promote other adult services or – more sinisterly – attempt to export money through blackmail threats, as has been seen with Ashley Madison. The claim that the stolen records date back to 2012 doesn’t really negate that threat very much, as people seldom change their email addresses.

It should go without saying that if you think you might be at risk you should ensure that you have changed your password on any site where you reused your Brazzers forum credentials.