A Bulgarian hacker has stolen the data of 33 thousand Italian users who visit escort sites. Here are the dangers
Over three hundred thousand escorts and their clients, in Italy and the Netherlands, have to worry: a Bulgarian hacker has managed to breach two forums dedicated to hot dating, stealing the personal data of members. The two forums in question are EscortForumIt.xxx (site dedicated to meetings with sex professionals in Italy) and Hookers.nl (with Dutch users).
From the first one the data of 33,152 users were stolen, from the second one those of 302,982 users. And what is even more serious is that all these data are now for sale on a third forum, this time dedicated to hackers. The cybercriminal who managed to do all this is called InstaKilla and is the same one who in July managed to breach the website of the Bulgarian Tax Agency. Together with other hackers, then, InstaKilla even managed to breach the forum of cybersecurity company Comodo. The data of the users of these other forums has also already been put up for sale.
What data has been stolen
ZDNet managed to get hold of some samples of the data stolen by InstaKilla, so we know what data the Bulgarian hacker has stolen, and is putting up for sale. For each stolen profile InstaKilla has username, password, email address and knows if it is an escort or a client. In the case of the Dutch forum, InstaKilla managed to hack the paid section as well, but it does not seem that it managed to steal credit card data.
Will the data be made public?
At the moment InstaKilla has no interest in revealing this data to the public, as it plans to sell it and earn a lot of money from it. However, experience shows that in such cases data sooner or later becomes public knowledge. Users who have had their profiles stolen, therefore, are at very high risk of blackmail as it already happened in the past when the database of the extramarital dating site Ashley Madison was hacked.
Beware of vBulletin
All forums hacked by InstaKilla and associates have one technical feature in common: they are based on an outdated version of vBulletin (one of the most popular platforms for creating online forums). In late September 2019, a serious vulnerability was discovered in this platform, which exposes users to data theft. And this very vulnerability was allegedly used by InstaKilla in its recent attacks. Tens of thousands of forums are based on vBulletin but, fortunately, only outdated versions are at risk: MH Sub I, the company that produces vBulletin, has released security patches for versions 5.5.2, 5.5.3 and 5.5.4.