{"id":12640,"date":"2020-01-17T00:09:00","date_gmt":"2020-01-16T23:09:00","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=12640"},"modified":"2020-02-14T08:19:18","modified_gmt":"2020-02-14T07:19:18","slug":"pussycash-datenleck-betrifft-tausende-erotik-modelle-weltweit","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/01\/17\/pussycash-datenleck-betrifft-tausende-erotik-modelle-weltweit\/","title":{"rendered":"PussyCash data leak affects thousands of erotic models worldwide"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" height=\"47\" align=\"left\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/2020\/01\/16\/pussycash-datenleck-betrifft-tausende-erotik-modelle-weltweit\/\" target=\"_blank\" rel=\"noopener noreferrer\">German<\/a>]The data leak (PussyCash) that security researchers have come across is a database of over 875,000 files that reveal very personal information (from ID card scans to addresses and birth certificates, credit cards, etc.) of erotic models active on adult sites. I was just made aware of this case by the security researchers of vpnMentor.<\/p>\n<p><!--more--><\/p>\n<h2>PussyCash: 'Cam' affiliate network<\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vg01.met.vgwort.de\/na\/5914d5f0bb3c44bcb62db182ec582298\" width=\"1\" height=\"1\" alt=\"\"><a href=\"https:\/\/pussycash.com\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">PussyCash<\/a> is a 'cam' affiliate network that offers websites for adult models with adult content through brands like ImLive. PussyCash hosts affiliate programs for several adult websites and pays webmasters for the traffic that is sent to the websites via banners and exit traffic. They boast 66 million registered members in their webcam chat arena ImLive alone.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" title=\"PussyCash-Leak\" src=\"https:\/\/www.vpnmentor.com\/wp-content\/uploads\/2020\/01\/Report-Adult-Site-Leaks-Extremely-Sensititve-Data-of-Cam-Models.jpg\" alt=\"PussyCash-Leak\" width=\"619\" height=\"325\" \/><br \/>\n(Source: vpnMentor)<\/p>\n<p>Other websites include Sexier.com, FetishGalaxy, Supermen.com, Shemale.com, CamsCreative.center, forgetvanilla.com, idesires.com, Phonemates.com, SuperTrip.com and sex.sex.<\/p>\n<p>Partners listed on the PussyCash website include BeNaughty, Xtube and Pornhub. The owner of ImLive and PussyCash is officially listed as I.M.L. SLU, a company registered in Andorra.<\/p>\n<h2>The data leak<\/h2>\n<p>The vpnMentor cyber security research team, led by Noam Rotem and Ran Locar, has discovered an open Amazon S3 bucket on an Amazon server in Virginia. There 19.95 GB of data related to PussyCash and the underlying network were openly accessible and viewable.<\/p>\n<p>More than 875,000 files were stored on the S3-Bucket. The files contained marketing material, clips and screenshots from video chats, etc. But the more explosive part is the fact that thousands of folders of models using the platform are openly accessible. These folders also contain pictures and scans of their passports, ID cards, social security cards, credit cards and much more. Here is the list of the models' data:<\/p>\n<ul>\n<li>Full name<\/li>\n<li>Date and place of birth<\/li>\n<li>Status of citizenship, nationality<\/li>\n<li>Passport\/ID number<\/li>\n<li>Passport issuance &amp; expiry dates<\/li>\n<li>Nationally registered gender<\/li>\n<li>Identity card photo<\/li>\n<li>Personal Signature<\/li>\n<li>Full names of parents<\/li>\n<li>Fingerprints<\/li>\n<\/ul>\n<p>There are also country-specific details (e.g. emergency contact information for British citizens). All the cutlery you'd need for identity theft &#8211; cyber criminals can use this data to open accounts in the name of the person concerned and much more.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" title=\"Modell-Agreement\" src=\"https:\/\/www.vpnmentor.com\/wp-content\/uploads\/2020\/01\/Screenshot_21_censored_censored_censored-1.jpg\" alt=\"Modell-Agreement\" width=\"612\" height=\"368\" \/><br \/>\n(Modell Agreement, Source: vpnMentor)<\/p>\n<p>The files also included scans and photos of driver's licenses, US military identification cards, credit cards, model contracts, birth certificates, resumes and much more. The following tweet shows a copy of a US driver's license &#8211; more scans are available on <a href=\"https:\/\/www.vpnmentor.com\/blog\/report-pussycash-leak\/\" target=\"_blank\" rel=\"noopener noreferrer\">this vpnMentor page<\/a>.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\">Adult performers, heads up!<\/p>\n<p>A data leak exposed personal identifiable information of thousands of cam models. If you had an account with <a href=\"https:\/\/twitter.com\/ImLiveCom?ref_src=twsrc%5Etfw\">@ImLiveCom<\/a> or other <a href=\"https:\/\/twitter.com\/PussyCash?ref_src=twsrc%5Etfw\">@PussyCash<\/a> web properties going back to the last 15 years, your data may have been exposed.<a href=\"https:\/\/t.co\/ZEYn9WrzLX\">https:\/\/t.co\/ZEYn9WrzLX<\/a> <a href=\"https:\/\/t.co\/Sai3pmhxSh\">pic.twitter.com\/Sai3pmhxSh<\/a><\/p>\n<p>\u2014 Chloe Lewis (@newchloe18) <a href=\"https:\/\/twitter.com\/newchloe18\/status\/1217547419921133572?ref_src=twsrc%5Etfw\">January 15, 2020<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The models world wide are thus made virtually transparent.<\/p>\n<h2>A GDPR case?<\/h2>\n<p>It seems that the leak was caused by one of the numerous brands of PussyCash. Since the owner of ImLive and PussyCash is officially registered as a company in Andorra, he might be subject to the GDPR. This makes the story interesting also from this point of view, because there might be a bigger fine. Here still the chronology of the case:<\/p>\n<p>Date discovered: January 3rd, 2020<br \/>\nDate of notification of the company (PussyCash &amp; ImLive): 4 January 2020<br \/>\nData Amazon notified: January 7, 2020<br \/>\nDate of ImLive's response: 7 January 2020<br \/>\nDate of the action: 9 January 2020<\/p>\n<p>The provider PussyCash (and their data protection officer) has probably not reacted at all to the reports of the security researchers, as they <a href=\"https:\/\/www.vpnmentor.com\/blog\/report-pussycash-leak\/\" target=\"_blank\" rel=\"noopener noreferrer\">write here<\/a>. Only ImLive finally replied to one of our e-mails and declared that they would take care of it and forward the information to the technical team of PussyCash. More details can be read in the <a href=\"https:\/\/www.vpnmentor.com\/blog\/report-pussycash-leak\/\" target=\"_blank\" rel=\"noopener noreferrer\">vpnMentor article<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]The data leak (PussyCash) that security researchers have come across is a database of over 875,000 files that reveal very personal information (from ID card scans to addresses and birth certificates, credit cards, etc.) of erotic models active on adult &hellip; <a href=\"https:\/\/borncity.com\/win\/2020\/01\/17\/pussycash-datenleck-betrifft-tausende-erotik-modelle-weltweit\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580],"tags":[1166,69],"class_list":["post-12640","post","type-post","status-publish","format-standard","hentry","category-security","tag-data-leak","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/12640","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=12640"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/12640\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=12640"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=12640"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=12640"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}