Hack Brief: An Adult Cam Site Exposed 10.88 Billion Records
CAM4, a popular adult video streaming platform, has been the victim of a data breach that exposed 10.88 billion records, including 7 terabytes of names, payment logs, email and chat transcripts, and sexual orientations. Safety Detectives, a security review site, reported that CAM4 had misconfigured an ElasticSearch production database and therefore the personally identifiable information was exposed to the public. Corporate details such as fraud and spam detection logs were also publicly available.
Safety Detectives researchers stated that the company left its production server publicly exposed without a password. There is currently no evidence that CAM4 was hacked or that malicious actors accessed the database and the leak was rather likely simply a disastrous EleasticSearch server goof. This type of incident is known to have caused countless high-profile data leaks. The information in these situations is intended for internal use only, however, an employee configuration error resulted in the information being exposed online.