The security vulnerability is caused bydata breachDiscovered by hunter Bob Diachenko, an expert discovered an ElasticSearch database cluster that can be accessed online without authentication. Diachenko discovered the cluster on November 5, but the database was indexed by search engines on November 4.
The exposed database is Stripchat and contains nearly 200 million records. The exposed data includes email addresses, usernames and IP addresses, as well as other information. The data leakage of Stripchat website users and models poses significant privacy risks. Criminals can use this data for ransom or as a target for phishing attacks.
Here is a detailed list of public records:
User database containing approximately 65 million records (username, email, IP address, ISP details, tip balance, account creation date, last login date, account status)
Model database of approximately 421,000 records (username, gender, studio ID, live broadcast status, prompt menu/price, strip score)
Audit database of approximately 719,000 chat messages sent to models, including private and public messages. Each record contains the user ID of the viewer who sent the message.
A transaction database containing approximately 134 million records containing information about tokens and tips paid to the model by users, including private tips.
until now,StripChat No response yet.
Original article, author: Chief Security Officer, if reprinted, please indicate the source: https://cncso.com/en/stripchat-exposes-sensitive-data-of-millions-of-users.html