LAS VEGAS—CAM4 today responded to allegations that it left unprotected a database containing millions of personally identifiable records.
The cam platform’s own developers and security specialists, after reading several published news reports of a significant breach, concluded “without any doubt that no personally identifiable information was improperly accessed,” a CAM4 spokesman told AVN.
SafetyDetectives lead researcher Anurag Sen reported yesterday that a leak came after one of CAM4’s production databases was left open to access on a misconfigured Elasticsearch cluster. The power of an Elasticsearch cluster lies in the distribution of tasks, searching and indexing, across all nodes in the cluster.
As a result, Sen said, CAM4 exposed more than 7 terabytes of personally identifiable information of members and users, stored within more than 10.88 billion database records.
Sen said that among a cluster of 10.88 billion CAM4 records, dating back to March 16, SafetyDetectives discovered first and last names; email addresses and password hashes; usernames and user conversations; payment logs including credit card type, amount paid and applicable currency; and chat transcripts, among other records.
Sen said that the fact that a large amount of email content came from popular domains such as Gmail, Hotmail and iCloud—domains that offer supplementary services such as cloud storage and business tools—means that compromised CAM4 users could “potentially see huge volumes of personal data including photographs, videos and related business information leaked to hackers—assuming their accounts were eventually hacked via phishing as one example.”
“This information could then be weaponized to compromise other individuals and groups such as family members, colleagues, employees and clients of other businesses,” he said.
Today, after numerous published reports on the topic, CAM4 said that the numbers SafetyDetectives disseminated to the press were inaccurate.
“Upon immediate review of what certainly appeared to be a loss of some data, CAM4’s security team determined that personal data belonging to 93 individuals were accessed by SafetyDetectives,” the CAM4 spokesman said. “CAM4 has notified all users who were active during the 30 days of the log of this event and the steps we have taken to secure their accounts.
“In short, there was no malicious security breach resulting in the loss of personal data from any CAM4 server worldwide,” he said. “The internal investigation concluded that no other connections to CAM4 servers were made after a firewall failure that enabled SafetyDetectives to access the site.
“CAM4 takes data security and the safety of its broadcasters and audience very seriously and has a team of handpicked professionals monitoring the site’s integrity every second of the day,” he said.
The CAM4 spokesman said that the company “will continue to be diligent about follow up and are happily taking questions to alleviate any concerns from the public and the CAM4 community.”
CAM4 has about 2 billion visitors each year and its members stream more than 1 million hours of adult content every week, with more than 75,999 private shows streamed daily.