Online Dutch sex-work forum hacked
Hackers have obtained personal details, user names, IP addresses and passwords of approximately 250,000 users of the sex-work forum hookers.nl in the Netherlands.
A hookers.nl moderator said the forum’s software supplier, vBulletin, reported a bug in its chat room software last month which allowed an outsider access to the database.
VBulletin addressed the bug but several sites were breached before it reportedly installed the protection.
Dutch broadcaster NOS said identifying users through their email addresses would not be difficult.
The suspected thief purportedly said he felt no remorse over the attack. “I am not the devil. It is not a question of whether your website is hacked, but when,” the hacker was quoted saying by NOS.
The suspect said several people were interested in buying the data.
“Action has been taken as quickly as possible. vBulletin has released a software patch that we have implemented after testing to address the leak,” the website stated.
“Nevertheless, a data breach has occurred and the email addresses have been stolen from all users.”
It claimed email addresses were being sold online by hackers and recommended that users change their login details.
“Offering this information for sale is punishable by law, and if possible we will take legal action,” the site’s moderator said. “In addition, a report has been made to the Dutch data protection authority.”
It is feared site users may face blackmail attempts as with the breach of the adultery hook-up site Ashley Madison.
“The hacker, who appears to show no remorse, could potentially accept payment and still leak the data to the internet,” said Ray Walsh, digital privacy advocate at ProPrivacy.com. “For victims, it is going to be hard to make a decision, the temptation to pay up may be high, but there is no guarantee that this will result in their identity being kept a secret.”
Prash Somaiya at HackerOne, a vulnerability coordination and bug-bounty platform, said attacking a site like hookers.nl was a “double win” for cyber-criminals because they could sell the data and still potentially blackmail users.
He said: “Other opportunist criminals seeing the news may also use it to attempt to phish any possible users by posing as the original attacker to blackmail anyone who falls for their scam.”
The sex trade is heavily associated with Amsterdam. Picture credit: Wikimedia