An online community promoting female escorts and reviews of their services suffered a data breach after a hacker downloaded the website’s database.
EscortReviews.com is an online adult forum of the vBulletin forum that enables escorts in the US and Mexico to advertise their services, share profile pictures, contact information and biographies with potential clients. Customers can then post reviews about their experience with the respective companion.
The site is very active with over 2.4 million topics, 12.5 million posts and over 470,000 members.
EscortReviews.com Member and Post Statistics
Hackers publish stolen vBulletin databases
This weekend a threat actor posted a link to a stolen vBulletin forum database for the EscortReviews.com website.
Leaked EscortReviews.com database
This database contains registration information for over 472,695 members, including display name, email address, MD5 hash passwords, optional Skype account names, optional birthday, and IP address.
In a sample from cybersecurity intelligence agency Cyble, the latest data is from September 2018.
BleepingComputer has contacted some of the users listed in the database to confirm that the information belongs to them and is correct. Only one member responded stating that the information was correct.
The site is currently displaying a vBulletin database error to visitors. It is unknown if the site is disabled due to the database being published or if the site has been permanently shut down.
vBulletin error on EscortReviews.com
The website’s last cached Google search page is as of January 21, 2021.
The site was running vBulletin 3.8.9, which has known security vulnerabilities that could allow an attacker to compromise the site. It is unknown whether the forum was hacked with any of these vulnerabilities or whether the site left an unsecured backup of the database online.
Since the site uses an MD5 hash password that can be easily cracked, it is highly recommended that members change their passwords on other sites with the same password.
Members of the EscortReviews.com website can also use Cyble’s AmIBreached data breach notification services to verify that their information is part of the data breach.
Adult data breaches can have devastating consequences
Data breach for adult websites, e.g. For example, websites promoting escort services or dating can be devastating to members if their information is made public.
This information can be used by threat actors to carry out targeted extortion or sextorting attacks, e.g. B. Attacks following Ashley Madison’s 2015 breach.
Worse still, there are known cases of data breaches resulting in people committing suicide after information about their activities is posted online.