YouPorn drops the soap, massive amounts of user data stolen

YouPorn, a top 100 website, has had its data exposed after it was discovered that one of its public facing servers contained a list of users’ email addresses, passwords and dates of birth. In an odd twist of fate, YouPorn finally found a way to literally screw its users.

According to NakedSecurity.com, the credentials of over 1 million users were found on a public facing server and are now being spread across the web. This is surely a case of where a users’ email is more valuable than the password itself as linking a login to an individual could impose significant personal damage.

YouPorn has shut down the offending server that contained the list of user names and passwords but the damage has already been done as the list is currently being passed around the Internet.

To make things even worse, all the data was stored as plain text, so there is no hiding behind an encrypted email address or password. 

So there you have it, one of the largest porn sites on the net just shared over 1 million users’ email address and passwords with the world; so much for the private browsing session. 

Image Credit: NakedSecurity.com

Report a problem with article
Previous Story

OnLive Desktop Plus launches; super-fast IE9 for iPad

Next Story

Is Google going to launch a TV service in Kansas City?

47 Comments

Commenting is disabled on this article.

Seeing how this is a common problem with administrators, I seriously think we've reached a point where we need quite drastic sanctions put in place for offenders of the most basic principles of a secure user database.

Geez...

GS:mac

Tube8 would have more accounts since they required reigstration to download the porn clips locally

Signing up is handy if you want to keep a remote list of "Favourites" instead of using your local bookmarks in your browser (which can fill up very quickly)

Mailinator is good these these kind of websites you don't want to hand over your real info to.

Mike Frett said,
Enjoy your Windows 8 cloud.

Microsoft actually encrypts your password and data, and doesn't store it in a human readable form... that's the last company you have to worry about.

Shiranui said,
The prize for best youtube name variant has to go not to youporn or porntube, but "youjizz".

Well, now you have to explain why you find jizz so amazing.

Shiranui said,
The prize for best youtube name variant has to go not to youporn or porntube, but "youjizz".

I disagree. I think LubeTube is the best

Shiranui said,
The prize for best youtube name variant has to go not to youporn or porntube, but "youjizz".

I had no idea naming porn sites on Neowin as in the rules.

htcz said,
I had no idea naming porn sites on Neowin as in the rules.

It's fine as long as no one is linking to them or posting pornographic images/videos

TsMkLg068426 said,
People sign up to watch free porn? This article should be under Funnies.

That's what I was thinking. Though I guess if you are a contributor to the site, that would make sense.

I mean... if that is how it works... I would have no idea...

TsMkLg068426 said,
People sign up to watch free porn? This article should be under Funnies.

WTF First rule of Internet Porn, is not to get caught, Second Rule of Internet Porn is not to get caught! WHO signs up to watch free porn!

TsMkLg068426 said,
People sign up to watch free porn? This article should be under Funnies.

It's probably accounts of the super perverts who upload the YouPorn videos themselves. Or chat. I didn't even know YouPorn had a chat.

Northgrove said,

It's probably accounts of the super perverts who upload the YouPorn videos themselves. Or chat. I didn't even know YouPorn had a chat.

If by "chat" you mean a large group of 50+ year old men going "HEY BABE WANNA SEE MY ****" then yeah, I guess.

TsMkLg068426 said,
People sign up to watch free porn? This article should be under Funnies.

Probably just for the personalized viewing experience!

Who doesn't like SENSEFUL suggestions?

GS:mac

1st ) Fantastic Title
2nd) Who the **** uses their actual email address to sign up to a porn service? That's what my hotmail spam account is for.
3rd ) Tisk tisk for not using a password manager and having different passwords for different sites!

bdsams said,
I spent many minutes trying to pick the perfect title.

I agree! I'm all about good titles, I think it gets you more views.

For a thread I made about java I could have just called it

Java sucks!
or
beware of java and keep it updated.

but the title I chose

Java! Uninstall It, Update it, or bend over and grab the ketchup!

really got peoples attention.

warwagon said,

I agree! I'm all about good titles, I think it gets you more views.

For a thread I made about java I could have just called it

Java sucks!
or
beware of java and keep it updated.

but the title I chose

Java! Uninstall It, Update it, or bend over and grab the ketchup!

really got peoples attention.


No, we just know it is you that is posting

Rudy said,
oh wow....It's sad that you can't trust sites to keep passwords encrypted

seriously how hard is it? are these admins from the stone age?

Rudy said,
oh wow....It's sad that you can't trust sites to keep passwords encrypted

Yes, it's sad. I thought password hashes were standard practice when my studies concluded. I've learnt that this is not the case, and the popularity of websites often do not correlate to how well their passwords are protected. Scary...

Northgrove said,

Yes, it's sad. I thought password hashes were standard practice when my studies concluded. I've learnt that this is not the case, and the popularity of websites often do not correlate to how well their passwords are protected. Scary...

Hashing does no good when there's things like rainbow tables (brute-forced passwords that have been MD5 encrypted for comparison), to reverse-engineer hashing (for instance, MD5).

http://www.md5decrypter.com/

This website doesn't decrypt anything. Its just a giant database that records the string and the hash it generates from user input. The entire website becomes worthless when you introduce a salt to your system (which you should be using).

If you're really worried about hash vulnerabilities, switch to sha-1.

Rudy said,
oh wow....It's sad that you can't trust sites to keep passwords encrypted

who cares about the passwords? the really info here is if you can find anyone of political or religious standing... that is where the money is...