Webcam site users data Stripchat was accessible without a password
A large database of users of webcam site Stripchat was discovered by security researchers and was accessed without a password for several days. The database contains, among other things, usernames, e-mail addresses, IP addresses and balance.
The database was discovered on November 5 by researchers at the security company Comparitech. The database contains more than 200 million records of user data. It was an Elasticsearch cluster that could be found with search engines. The database was not password protected.
It is not known whether the database was found by more external parties. The researchers write that the database was indexed by search engines on November 4 and may have been found by more people. Comparitech notified Stripchat after discovering the vulnerability, and the company took the database offline on November 7.
In addition to data from users, information from models was also visible. In addition to username and gender, tip amounts were also visible. In addition, a database of chat messages was also found, containing more than 700,000 messages linked to user IDs.
By its own account, Stripchat has over 100 million monthly users. Hundreds of thousands of models are connected to the site.