Most porn fans have likely never heard of Luscious.net, but the site specializing in Japanese hentai porn ranks as one of the internet’s most heavily trafficked sites. In fact, according to the internet data site SimilarWeb, the site ranks number 1,036 out of all sites in the world, and in the 109th most heavily trafficked adult site.
The site’s popularity makes it all the more alarming that despite promises of privacy to its users, who upload most of the site’s content, an inexplicable security lapse by the site left personal data on the porn site’s 1.2 million registered users exposed to public view, according to a report earlier this week by TechCrunch.
The data was exposed as early as August 4, possibly earlier, and was finally secured sometime around August 19.
The exposed data on the supposedly anonymous users included not only private email addresses and usernames, along with the geographical location of each user, but also complete logs of each user’s activity on the site.
While about 20 percent of the users registered with phony email addresses, perhaps anticipating the possibility of privacy breaches, according to the researchers at VPN Mentor who discovered the massive security failure, the bulk of the email addresses were authentic.
A TechCrunch investigation found that the authentic emails were easily traceable, leaving the identities of the porn site users accessible to anyone willing to find them. Some of the exposed email addresses were simply the full, true names of the Luscious.net users, making them traceable with a minimum of effort.
The user activity included blog posts in which users, expecting anonymity, often revealed intimate personal details about themselves.
“Some of these blog posts were extremely personal—including depressive or otherwise vulnerable content—and kept anonymous,” the VPN Mentor researchers write. “Due to this data breach, however, the blog posts are no longer anonymous, with many of the authors’ identities revealed.”
Users on the site were geolocated as logging in from Europe, Asia, Australia and the Americas. The researchers found that about 1.25 percent of the user email database came from the top-level domain .fr—France. But French users, in similar fashion to users in most countries, also use gmail and other popular email services. Taking that fact into account, researchers estimated that almost 4 percent of the hentai fans using the site came from France.
TechCrunch made repeated attempts to alert the site’s owners to the breach, but did not receive a response—until after the data leak was finally plugged by the web hosting firm for the Luscious.net site.
At that point, the site owners finally issued a statement, saying, “We will be reaching out to any compromised users to warn them about the potential exposure of their private email addresses.”
Photo by Hentai_-_yuuree / Wikimedia Commons