The same hacker also sold nearly 19,000 stolen customer records from a Hong Kong-based online store.
The stolen data of about 2 million users of an adult streaming site MyFreeCams (MFC) was for sale on an online hacker forum for $ 1,500 worth of bitcoin for 10,000 records.
The threat actor selling the data claimed that a single batch would net the buyer at least $ 10,000 on the black market.
See: 3TB of exposed home security camera clips uploaded
The hacker provided sensitive information such as usernames, plain text passwords, email credentials, and MyFreeCams token (MFC Token) amounts.
A hacker won $ 22,400 in Bitcoin
The hacker’s post and forum account are now deleted, and the cryptocurrency wallet is also emptied after the hacker collects $ 22,400 in Bitcoin over 40 transactions.
MFC is one of the largest adult web chat and streaming platforms with a monthly participation rate of over 70 million visitors.
Data stolen in December 2020
MyFreeCams data, according to the hacker, was stolen in December 2020 via an SQL injection attack. The stolen data includes the records of 2 million premium members of the site.
The company released a statement claiming it had notified affected users and reset passwords. Their investigation led to the data being traced back to a June 2010 security breach when the exploit was closed immediately after the breach.
“MFC’s current systems prevent any similar attack. So far, MFC had no evidence that user data was actually compromised in the incident. We notified affected users by email and reset their passwords. No credit card information has been stored or compromised ”, the company Told CyberNews.
Users at risk of extortion
This data breach can put all MyFreeCams users at risk of extortion, as hackers may attempt to blackmail them. They have also become vulnerable to a variety of attacks, including credential stuffing attacks.
Hong Kong-based online store data
Hackread.com can confirm that the threat actor also sold access to the database to an unknown Hong Kong-based online store. In addition to access to the database, the personal data of 18,800 clients / members were also sold to buyers.
At the time of this article’s publication, both posts have been removed from the hacker forum, considering that the seller has successfully sold the data to interested parties.