Belfast Telegraph

Pornhub hacked, exposing users’ viewing habits – but information will be kept private

Hackers have found their way into adult website Pornhub, potentially revealing some of its users’ most intimate secrets – but have committed not to do so.

Security researchers found their way into the site’s database, which includes sensitive user information about the people who use the site.

In the wrong hands, that information could prove a huge problem. Previous leaks of sensitive websites like Ashley Madison have had disastrous effects, spilling the secrets of users.

But the security researchers gave their hack up to the company, winning $20,000 in the process. That money came through Pornhub’s bug bounty programme, which encourages hackers to try and find flaws that need fixing and gives them a cash reward when they do so.

Many porn sites have been looking to get more secure as a result of the sensitive information they hold and the value they offer to potential hackers.

Read: Pornhub reveals what Northern Ireland users search for 

"Pornhub's bug bounty programme and its relatively high rewards on Hackerone caught our attention,” the hackers said in a detailed post about how exactly they had broken into the site. “That's why we have taken the perspective of an advanced attacker with the full intent to get as deep as possible into the system, focusing on one main goal: gaining remote code execution capabilities.”

Remote code execution is often seen as the main goal of hackers, since it allows them to run code on the attacked system without even being near it. Once that is done, hackers can often find their way into the deepest and most protected parts of the system, allowing them free rein over what they want to attack.

The hack will also help protect other websites that use PHP, a scripting language that is used across the internet.


Independent News Service