The offence of possession of an extreme pornographic image was introduced in 2008 and has resulted in more than 5,500 prosecutions, the majority for clips of bestiality.
The offence of possession of an extreme pornographic image was introduced in 2008 and has resulted in more than 5,500 prosecutions, the majority for clips of bestiality.

Pornhub hacked, exposing users’ viewing habits – but information will be kept private

Researchers found their way into the company’s database, and received $20,000 for doing so

Andrew Griffin@_andrew_griffin
Tuesday 26 July 2016 11:42
comments

Hackers have found their way into adult website Pornhub, potentially revealing some of its users’ most intimate secrets – but have committed not to do so.

Security researchers found their way into the site’s database, which includes sensitive user information about the people who use the site.

In the wrong hands, that information could prove a huge problem. Previous leaks of sensitive websites like Ashley Madison have had disastrous effects, spilling the secrets of users.

But the security researchers gave their hack up to the company, winning $20,000 in the process. That money came through Pornhub’s bug bounty programme, which encourages hackers to try and find flaws that need fixing and gives them a cash reward when they do so.

The hackers said that they had gone after Pornhub because of that bug bounty programme and the rewards that it offers. Many porn sites have been looking to get more secure as a result of the sensitive information they hold and the value they offer to potential hackers.

"Pornhub's bug bounty programme and its relatively high rewards on Hackerone caught our attention,” the hackers said in a detailed post about how exactly they had broken into the site. “That's why we have taken the perspective of an advanced attacker with the full intent to get as deep as possible into the system, focusing on one main goal: gaining remote code execution capabilities.”

Remote code execution is often seen as the main goal of hackers, since it allows them to run code on the attacked system without even being near it. Once that is done, hackers can often find their way into the deepest and most protected parts of the system, allowing them free rein over what they want to attack.

The hack will also help protect other websites that use PHP, a scripting language that is used across the internet.

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

View comments