Feb. 23, 2012 at 11:27 AM ET
Watching porn is one thing, but if you join a site, be forewarned that someday, someone might find a way to tap into the site's databases and share your email address and password for all the world to see.
For nearly 6,500 YouPorn members, that day has come.
Anders Nilsson, CTO and a security specialist at Eurosecure, wrote a post about the breach and how Alltid Nyheter, from Swedish public broadcasting radio, alerted him to it. Nyheter had found a thread on Flashback.org, Sweden's largest Web forum, in which it was revealed that "user info of well over a million registered users was openly accessible on the chat site of YouPorn until the server was taken down yesterday."
Besides the embarrassment of being outed as a YouPorn member, there is also the much more serious issue of possible identity theft: At least some people are likely to use the same email address and password on other accounts.
Nilsson lays the blame on YouPorn's bare shoulders: "Looking at the data, it seems like a careless programmer accidentally(?!) left debug logging on to a publicly accessible URL as early as November 2007, and it has been storing all registrations ever since."
That Achilles heel was too tempting for someone to pass up, as Nilsson guessed "someone sweeping websites for publicly accessible, but non-linked ('hidden') folders, looking for ... either porn or sensitive material like this struck gold."
And then the gold rush was on.
Nilsson said, "Hackers have already started going through the lists, checking which users have the same password for e-mail or Facebook, and have posted some intimate pictures found in some users' sent/received email."
Security News Daily reported that a list of 6,433 YouPorn members has already been posted on Pastebin, a favorite dump site for such info, especially from Anonymous, which has recently used it as a broadcasting center for an announcement about shutting down the Internet.
All the pleasure of being a porn user seems to be in danger, with this and a report that earlier this month, a teen hacker gained access to the personal information of more than 350,000 users after breaking into an inactive forum operated by Brazzers, one of many porn sites run by the Luxembourg-based Manwin company. He then posted a small sample of users' information.
On Twitter, follow Athima Chansanchai, who is also trying to keep her head above water in the Google+ stream.