SextPanther, a US-based adult entertainment website has exposed more than 11,000 identity documents of its models.
The documents were stored on an exposed Amazon Web Services (AWS) storage bucket that had no password protection.
The bucket contained documents SextPanther used to verify the ages of models including passports, driver’s licenses and Social Security numbers. Much of the exposed documents contain names, home addresses, dates of birth, biometrics and photos.
In addition, the storage bucket also contained over 100,000 photos and videos sent and received by the workers.
Most of the exposed models are located in the US, however many are also from Canada, the UK and India.
UK-based penetration testing company Fidus Information Security identified the owner of the bucket being SextPanther. TechCrunch, who had initially discovered the exposed bucket, alerted the site’s operator Alexander Guizzetti and shortly after the bucket was pulled offline.
“We have passed this on to your security and legal terms to investigate further. We take accusations like this very seriously,” said Guizzetti in an email to TechCrunch.
The incident comes a week after researchers at vpnMentor uncovered an exposed S3 bucket with 19.95GB of visible data, belonging to adult webcam streaming site, PussyCash. The bucket exposed the personal data of more than 4,000 models and more than 875,000 files.
Registration now OPEN for PrivSec Global
Taking place across four days from 30 Nov to 3 Dec, PrivSec Global, will be the largest data protection, privacy and security event of 2020.
Reserve your place before 2nd October, and receive VIP access to PrivSec Global which includes priority access to limited space sessions, workshops, networking opportunities and exclusive content.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.