Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

Pornhub hack: Millions of people using adult video site could have been spied on

The virus had been making its way into users' computers for more than a year

Andrew Griffin
Wednesday 11 October 2017 10:17 BST
Comments
Equifax said the breached records did not put British consumers at risk
Equifax said the breached records did not put British consumers at risk

Pornhub was hit by a hack that means anyone who used it could have contracted a virus.

A secret, malicious advert has been running on the free pornography site for more than a year. And it works by infiltrating people's computer and then having their machine taken over, all without a users' knowledge.

The problem was shut down almost as soon as it was discovered. But it has been running quietly for more than a year – and the damage could have spread across the entire internet.

The hack worked by showing an advert on the Pornhub page that appeared to be a browser or operating system update. That would trick a user into clicking on it and installing the software.

But once it was installed, that software would actually take over a users' computer and use it to click on fake ads, putting its owners' safety in danger to generate money. That's according to Proofpoint, the security firm that discovered the malicious software.

It pointed out that the damage could easily have been much worse – potentially taking people's browsing data or using the access to their computer to commit fraud.

“While the payload in this case is ad fraud malware, it could just as easily have been ransomware, an information stealer, or any other malware,” Proofpoint said. “Regardless, threat actors are following the money and looking to more effective combinations of social engineering, targeting and pre-filtering to infect new victims at scale.”

The virus and the hack didn't revolve around the fact that the site exists to provide free adult videos, and the hack may have been active on other websites too. But the fact it came from such a page makes people more vulnerable, since they are less likely to report such attacks and since so many people visit them.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in