On April 14, Forbes magazine reported that data from the pornographic website Naughty America and its affiliates had been stolen and put up for sale on The Real Deal, a black market accessible through the Tor network.
Indeed, the market hosted an ad offering the databases for sale: that of Naughty America, but also those of affiliate sites, totalling more than 3.8 million user accounts.
The hacker, named “peace_of_mind”, was selling the database for 0.748 Bitcoin (about EUR 287) when the Forbes article was published. A week later, the price had fallen, as can be seen on the screenshot, and is now at 0.4468 Bitcoin (about EUR 182). At the time of this writing, the ad seems to have disappeared from the site.
As the hacker “Peace” explained to Forbes magazine, the database was offered at a low price from the beginning of the sale because of the difficulty of cracking the hashed passwords to make them usable. Indeed, the algorithm used is bcrypt, a much stronger password-hashing scheme than conventional MD5 hashing, a function more widely used in other databases and whose hashes are easy to crack. Hackers therefore need more time to exploit the information sold by Peace.
What do the hackers do with this information?
The database contains information from users of the Naughty America site, but also from the gay pornography site Suite703 and other forums. In addition to email addresses and hashed passwords, it includes user names, IP addresses and their geolocation. However, many of the accounts appear to be inactive and some of them were created with false email addresses.
Since last week the database has been freely downloadable from certain platforms hosted on the Dark Web, so it is now available to any hacker who wants to download it. They could use the information to run fraudulent schemes, deploying massive spear-phishing campaigns but also resorting to extortion, given the particular context of the hacked site.
In the case of Ashley Madison, specific types of emails were circulating among hackers to steal money from people registered on the adultery site, as shown in the screenshot below.
The context and the amount of information available are a particularly important lever for the hackers, as they enable broader schemes to exploit this data leak, from simple phishing to extortion.