Hackers have broken into Pornhub and stolen personal information from premium users of the site.
The conspiracy theories pushed by supporters of age verification keep blowing up one by one. One of the conspiracy theories was that critics of age verification laws are all in on a grand conspiracy to thwart these laws because they are being secretly funded by “Big Tech”. That blew up when the opposite ended up being true after an ad agency that is involved in gambling advertising has been quietly doing the same thing for supporters. Oops!
Another conspiracy theory by age verification supporters is that platforms were intentionally poorly implementing age verification poorly in a bid to thwart these laws. This was in response to both the Discord breach that exposed government IDs and facial recognition scans of their age verification system as well as the technology predictably failing in catastrophic ways. Age verification has long been known to be broken technology but politicians and the media have been trying to desperately ignore all of that and pretend that their magical technology is perfect in every way as long as they just believe hard enough.
Well, that conspiracy theory is also blowing up as well – well, more than it already is anyway. One of the things I’ve long argued is that there is far FAR too much personal information being put on the web as it is. If anything, governments should be working on reducing the amount of personal information with privacy reform laws. What age verification laws do is dramatically increase that amount of personal information by tying highly sensitive personal information to certain websites that people visit. Basically, moving in the exact opposite direction that government should be moving in. As if to prove my point, Pornhub has apparently suffered from a data breach, exposing the browsing habits of premium users.
Now, you would think that Pornhub would be interested in protecting the user information of its premium subscribers. After all, it’s not as though that a breach of its premium subscribers would do anything to prove or disprove the viability of age verification or anything like that. No, they would have every motivation to protect that personal information in the first place. Yet, apparently, they were unable to do that. From the Guardian:
Hackers have accessed the search history and viewing habits of premium users of Pornhub, one of the world’s most popular pornography websites.
A gang has reportedly accessed more than 200m data records, including premium members’ email addresses, search and viewing activities and locations. Pornhub is a heavily used site and says it has more than 100m daily visits globally.
The hack was reportedly carried out by a western-based group called ShinyHunters, according to the website BleepingComputer, which first reported the incident. The site reported that the data included premium members’ email addresses, search and viewing activity and location. The data consists of 201m records related to premium members.
The website added that the Canadian-owned Pornhub had received an extortion demand from ShinyHunters about the hack. The Reuters news agency on Wednesday also claimed to have spoken to a ShinyHunters member in an online chat who was demanding a payment in bitcoin to prevent the publication of data and delete it.
Pornhub said in a statement on its website that premium users had been affected by an attack on Mixpanel, a company that had provided data analytics to the publisher. Pornhub said a “select” number of users had been affected and that it had stopped working with Mixpanel in 2021, indicating the data is not recent.
“It is important to note this was not a breach of Pornhub Premium’s systems. Passwords, payment details and financial information remain secure and were not exposed,” said the pornography service.
That sounds pretty bad, but one of the things I worried about is that if age verification systems are implemented, broken into, and information stolen, then black hat hackers would be able to initiate extortion campaigns of the users in that affected hack. Well, that is exactly what is being warned about here. From Forbes:
Pornhub’s warning that “a recent cybersecurity incident” impacts some of its users could now become the real nightmare before Christmas. And the latest update from the world’s most popular porn site makes it clear this is only just beginning.
While the security breach only affects Pornhub Premium users, the data stolen is arguably just as sensitive as the “passwords, credentials, payment details or government IDs” the website assures were not exposed. Instead it’s your search and video viewing history that has been taken and linked to your email address.
“We are aware,” Pornhub now warns, “that the individuals responsible for this incident have threatened to contact impacted Pornhub Premium users directly. You may therefore receive emails claiming they have your personal information.”
While the affected information is not actually related to an age verification system, the hack wasn’t really that far off, either. This is the exact scenario I had warned about should age verification systems continue to gather personal information and get hacked in the process. It’s no longer a theoretical, but a very real possibility given the threats by the hackers.
No doubt supporters of age verification are going to eventually say something stupid like the platforms needing to “nerd harder” to prevent these things. The reality is that personal information is going up on the web nicely packaged for the hackers to pick up afterwards. If that personal information isn’t available to be stolen at all, then that personal information isn’t going to be stolen. Pornhub had absolutely no motivation for this specific breach to happen at all, yet it happened anyway. If it can happen on Pornhub, it can happen with these broken age verification systems as well.
Drew Wilson on Mastodon, Twitter and Facebook.
Discover more from Freezenet.ca
Subscribe to get the latest posts sent to your email.
