I. Targeted Entities
- Stripchat Users
- Stripchat Models
A database that contains highly sensitive information on users and models on the adult website, Stripchat, was discovered online and was left completely unprotected. Some say that the leak can put models and users at risk of extortion, violence, and more.
III. Background Information
Volodymyr “Bob” Diachenko, head of security research at Comparitech, reported that he found the database on an Elasticsearch cluster on November 5th. The exposure was reported to Stripchat on November 5th. The database contained 200 million Stripchat records, which included 65 million user records that contained email addresses, IP addresses, the amount in tips they gave to models, a timestamp of when the account was created, and the last payment activity. Another database found contained around 421,000 records for the platform’s models, including their usernames, gender, studio IDs, tip menus and prices, and their live status. It is not clear if anyone with nefarious intent managed to access the data before it was secured on November 7th. Max Bennet, a spokesperson for Stripchat, provided a statement to Threatpost saying that the content of the platform’s chat message was not exposed. He also stated that the leaked payment data contained transaction details and not credit card numbers.
As mentioned previously, models are at risk of extortion, violence, and poses a privacy risk for both viewers and models, says Diachenko. This harassment could happen online or offline. Stripchat model and user information could also be used in targeted phishing campaigns. Diachenko warns that users should be on the lookout for fraudsters posing as Stripchat or other related companies. He also advises to “never click on links or attachments in unsolicited emails”. The privacy risks for models and users could become more significant if the exposed information is cross-referenced with other data breaches. Should this happen, a full profile of a person could be drawn. However, Diachenko says that Stripchat data does not reveal a lot of personal info, with users often preferring not to state their real identities, email addresses, IP addresses (with the use of a VPN), etc. Even so, a lot of that information can be matched with other data breaches and a match can still be made.
IV. MITRE ATT&CK
- T1560 – Archive Collected Data
Prior to the exfiltration of data, attackers would utilize compression/encryption.
- T1530 – Data from Cloud Storage Object
The Stripchat data breach contained information harvested from cloud-based server storage.
- T1598 – Phishing for Information
As a result of the breach, gained user or model information through data leak might be used in phishing operations against them.
- T1114 – Email Collection
Some of the victim’s personal email account might have gained access by attackers during the data breach to be used to compromise user message traffic.
- Phishing Awareness Training
Users should be informed and educated about new kinds of phishing scams currently being used and ones that have been used in the past. Awareness training should instruct users to avoid suspicious emails, links, websites, attachments, etc. Users should also be educated about new types of attacks and schemes to mitigate risk.
Recommended link: https://www.us-cert.gov/ncas/tips/ST04-014
- Malware Monitoring
Continuously monitor current and new types of malware. Stay up to date on intel and advancements to prevent, defend, and mitigate these types of threats.
- Strong Cyber Hygiene
Enforce a strong password policy across all networks and subsystems. Remind users to be wary of any messages asking for immediate attention, links, downloads, etc. All sources should be verified.
Recommended link: https://us-cert.cisa.gov/ncas/alerts/aa21-131a
VI. Indicators of Compromise (IOCs)
Please see the general recommendations in the previous section for mitigating data breaches.
(1) Bracken, Becky. “200M Adult Cam Model, User Records Exposed in Stripchat Breach.” Threatpost English Global, November 16, 2021. https://threatpost.com/adult-cam-model-user-records-exposed-stripchat-breach/176372/.
Threat Advisory created by The Cyber Florida Security Operations Center. Contributing Security Analysts: James Krepps, Dorian Pope, and Tural Hagverdiyev.