Users of the popular adult streaming site MyFreeCams could be at risk from online attacks as a database containing the site's user data is now being sold on a popular hacker forum.
As reported by CyberNews, the data was exfiltrated from the company's servers back in December following a successful SQL injection attack. The database itself contains user records from 2 million MyFreeCams Premium members, including their usernames, email addresses, MyFreeCams Token (MFC Token) amounts and plain text passwords.
The author of the post on the hacker forum is now selling off the data stolen in the attack in 10,000 user record blocks for the price of $1500 in bitcoin. However, they claim that other cybercriminals could easily earn at least $10,000 from a single batch of user records by selling premium accounts with MFC Token balances on the black market.
After discovering that user records from the database were being sold online, CyberNews reached out to MyFreeCams and the company immediately notified affected users and reset their passwords.
Based on samples seen by CyberNews, the news outlet's security researchers believe the stolen data contains usernames, email addresses, plain text passwords and MFC Token balances.
The adult streaming site's user records appear to be in high demand among cybercriminals, as the forum post author's bitcoin wallet shows a balance of around $21,600. This means that at least 14 batches of data from 100,000 MyFreeCams users have already been purchased.
This data could be used to blackmail the site's users, carry out credential stuffing attacks, launch targeted phishing attacks and spam victims' emails. Thankfully though, the database does not contain any sensitive information or financial data such as credit card numbers or passport IDs. However, stolen email addresses and plain text passwords can be enough to take over victims' other accounts if they use the same credentials across multiple online services.
Senior information security researcher Mantas Sasnauskas provided further insight on the implications of the MyFreeCams data breach in a statement, saying:
“When leaks like this happen, the dangers lie not only in breached accounts and passwords or stolen virtual currencies. Breaches like this raise serious privacy issues: most users of websites like MyFreeCams would undoubtedly prefer to remain anonymous, but now their email addresses can be used to out them as cam site members. It's not difficult to imagine the implications if this information was used maliciously. For example, to extort and blackmail people to pay up, leak their user details from the website, or even simply reveal the fact that they frequent the website to their families, employers, or the general public.”
MyFreeCams users should reset their passwords immediately and consider using a password manager to generate unique, strong and complex passwords to further secure their online accounts.
Via CyberNews