SextPanther, a US-based adult entertainment website has exposed more than 11,000 identity documents of its models.
The documents were stored on an exposed Amazon Web Services (AWS) storage bucket that had no password protection.
The bucket contained documents SextPanther used to verify the ages of models including passports, driver’s licenses and Social Security numbers. Much of the exposed documents contain names, home addresses, dates of birth, biometrics and photos.
In addition, the storage bucket also contained over 100,000 photos and videos sent and received by the workers.
Most of the exposed models are located in the US, however many are also from Canada, the UK and India.
UK-based penetration testing company Fidus Information Security identified the owner of the bucket being SextPanther. TechCrunch, who had initially discovered the exposed bucket, alerted the site’s operator Alexander Guizzetti and shortly after the bucket was pulled offline.
“We have passed this on to your security and legal terms to investigate further. We take accusations like this very seriously,” said Guizzetti in an email to TechCrunch.
The incident comes a week after researchers at vpnMentor uncovered an exposed S3 bucket with 19.95GB of visible data, belonging to adult webcam streaming site, PussyCash. The bucket exposed the personal data of more than 4,000 models and more than 875,000 files.
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/