One of the world's most popular adult sites leaks millions of records - BangBros users see personal data exposed online

(Image credit: Shutterstock.com / Shift Drive)

One of the most popular adult sites on the web has suffered an exposure of its own after millions of records were found sitting unprotected online.

An investigation by researchers at Cybernews found an unprotected Elasticsearch cluster containing more than 8GB of sensitive information about BangBros users, including nearly half a million user login records.

Overall, the database was found to be containing 12 million records, including details such as IPs, usernames, locations, feedback messages, and even "model performance statistics".

Online breach

The database was discovered on June 6, and had apparently been indexed on search engines a few days earlier, having apparently been left unsecured due to an inadvertent configuration error.

Cybernews reports that the instance is now closed, but this doesn't mean hackers won't have already got their hands on the data, which could now be used for identity theft or extortion purposes.

“If bad actors managed to get their hands on this data, they might trace and link adult content viewers’ habits to specific individuals. Combined with other private information, this could lead to significant privacy issues, cause personal embarrassment, and result in social stigma in places with conservative attitudes,” said Mantas Kasiliauskis, information security researcher at Cybernews.

The largest part of the leak, the “bangbros_straight” file, contains almost 11 million records, which appear to be from the company's media or content management system.

Cybernews says it contacted BangBros following the discovery, but did not receive any comment - although the issue does appear to have been fixed. TechRadar Pro has also contacted the company for comment, and will update our story if received.

Adult sites have long been a risky proposition for users, with the potential for privacy and security breaches a common one. We'd advise anyone signing up to such sites to make sure their personal data isn't put at risk, and to use a VPN to make sure your browsing habits stay private, alongside multi-factor authentication on all your most important personal accounts.

More from TechRadar Pro

Need extra protection? Here's the best VPN with antivirus around
We've also rounded up the best password managers on offer today
Password management is still too much for people — and many of us still write them down

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and fellow Future title ITProPortal, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.