BangBros, a studio and platform specializing in adult content, leaked information about the users registered on its website. The database was discovered by researchers, and according to their report, it contains 12 million records of sensitive information. Further checks leave little doubt that the database belongs to the company.
BangBros Drops 12 Million Records About Users
Cybersecurity researchers have reported a major unintended data breach affecting BangBros. The studio and platform, known for adult content, exposed over 12 million confidential user records. These records included IP addresses, usernames, geolocation data, and other sensitive information. But the main problem is that all of this data was accessible as is, without any authentication or security.
The database was first discovered on June 6, 2024, when the initial research found an 8GB database in Elasticsearch. That is a toolkit for working with large amounts of data, which is exactly what you would expect for such databases. It also appears to be the culprit: due to a configuration error, BangBros probably left confidential information unprotected. The researchers who discovered the leak contacted the studio, so the information is now safe.
Potential Risks
Most of the leaked information was stored in a file named “bangbros_straight,” containing nearly 12 million records. It held statistics from various media or content management systems. Additionally, the user registration log file includes 496,542 records, and 37,974 feedback messages were linked to IP addresses, usernames, and dates. The types of data exposed in the leak include:
- Usernames
- IP addresses
- Country
- Geolocation based on the IP
- Device type
- Reviews
- Model statistics (upvotes, downvotes, views)
- Model names, genders, descriptions
This means that potential attackers could use this data to track and associate content viewing habits with specific individuals. The Darknet is notorious for being filled with personal data from other breaches. By combining different data obtained from various sources using OSINT (Open Source Intelligence), attackers can reconstruct a highly detailed digital profile of a user.
Consequences for Users
What does this mean for users? First, spear phishing attacks could become more precise thanks to this data. Second, attempts to blackmail victims for watching compromised videos would no longer be just empty threats. Third, publishing such delicate information, particularly about a user’s preferences, could lead to personal embarrassment and public condemnation, especially among colleagues, relatives, or friends.
Such recklessness is not typical for big companies and, as you can see, gets fixed pretty quickly upon detection. That still does not mean you are free to trust your data to each and every website. Do your research, scan the site with website checkers, and share only necessary information. This way, you mitigate your risks in case of such a leak.