As one of the top 100 websites in the world, the free porn video website, YouPorn, has a lot of subscribers. And as of late Tuesday night, at least 6,400 of those subscriber’s passwords were exposed in a data dump on Pastebin that paired email addresses with plain text passwords. The list of YouPorn logins is thought to have been captured from a public-facing server, leaving YouPorn a bigger share of the blame for permitting lazy security.
Naturally, this creates a problem for thousands of people who may want to keep their enthusiasm for erotica secret, and having an e-mail address connected with the site is certainly a breach of privacy on a grand scale. Even if those affected don’t care who knows they frequent X-rated sites, there’s still the danger that someone will use the plain-text password to access other accounts with more important information in them, as people tend to use the same passwords to login to multiple different Websites.
It appears that the dump is the work of an unknown hacker. While YouPorn appears to have shut down the breached server, the damage is largely done. Portions of the list have been published around the Internet, and analysis of the list is taking all kinds of permutations. OZ Dump Centa divvied up the e-mail addresses by provider (the largest portion of YouPorn accounts were linked to Hotmail addresses, followed by Gmail). Technology researcher Ashkan Soltani made a word cloud of the most popular stolen passwords. While YouPorn has not made a public statement about the breach, the data-leak is a reminder that passwords should never be repeated across logins for different sites.