porn

Hacker Breaches Porn Network, Advertises User Data on Dark Web

The hacker, selling data under the handle TheNeoBoss, has gained control of the porn site Team Skeet, and claims to have data on over 230,000 customers.

Joseph Cox

Joseph Cox

Photo: Brandon Grasley/Flickr

A hacker has gained access to administrative functions on the porn website Team Skeet and is advertising a database supposedly containing email addresses, plain text passwords, names, and physical and IP addresses for over 237,000 users of the site, as well as the broader porn network, Paper Street Media (PSM).

"I want to publicly shame them for their poor practices," the hacker, who is selling the alleged data under the handle TheNeoBoss on the Dream Market, told Motherboard in an encrypted chat.

Last week, Motherboard was provided with an initial sample of 64 users. Out of these, 56 were seemingly linked to real Team Skeet accounts, as the website read, "Sorry that username is unavailable." The hacker then shared a larger set of data with Motherboard, containing over 8,000 credentials, and Motherboard checked that many of these apparently corresponded to accounts on the site. TheNeoBoss also sent a screenshot indicating that he was in possession of some 237,000 users, but Motherboard has been unable to confirm whether that is the case.

Usernames that were apparently linked to real accounts on Team Skeet also worked on several other websites in the PSM network, which Team Skeet is a part of. These include Exxxtra Small, Teen Pies, Innocent High, Teen Curves, and CFNM Teens. The Team Skeet website says that members can get access to 23 separate sites.

Some of the email addresses failed to receive messages, however, when Motherboard attempted to contact their owners. And some of the entries in the sample data did not include physical addresses. The hacker claimed to have access to some credit card data, but did not take it.

Teamskeet.com screengrab.

"By purchasing this database, you will basically have free porn accounts for life, or you could sell them separately," TheNeoBoss writes in his marketplace listing. The hacker is also claiming to sell several related databases containing other information. These include 50,000 logins for other websites in the PSM network, 426,000 lines of failed login attempts, and 468,000 lines of "Members Geo IP data."

Motherboard has not verified the legitimacy of these apparent databases. TheNeoBoss is advertising the data for 0.962 bitcoins, or around $400.

When sent the smaller sample of apparent user data, Jamal Hussain, CTO of PSM, told Motherboard in an email, "This is not a live breach. The data is from a breach that happened in 2008. We were asked for a ransom, didn't pay it, made security updates and have not had any issues since. There was no credit card info taken and all accounts are no longer valid for our members area."

Hussain then diverted all comments to Steven Eisenberg, the company's lawyer. "Once a username is created PSM never blocks it out; however, once it expires, the user can no longer access the site. This would explain your results," Eisenberg wrote in an email. "As previously advised, the purported breach occurred approximately eight years ago, nothing ever came of the purported breach and PSM added additional security measures to its site. PSM is not aware of any other such issues."

But on March 31, the hacker briefly defaced the Team Skeet website, which Motherboard confirmed, and sent this reporter several screenshots of what appeared to be administrative panels for the porn network. These screenshots included dated entries for as recent as March 31, for what appear to be customer support tickets.

"We work with a high quality security firm and have had no reports or issues with any breaches recently," Hussain said in another email.

The FBI did not provide a comment in time for publication. This piece will be updated when the agency replies.

TheNeoBoss said he obtained some of the data via an SQL injection, an established attack to which many sites are vulnerable. He also claimed to have other forms of access to the PSM system, which he said the company had started to shut off.

The hacker allegedly tried to warn PSM of the website's vulnerabilities, and asked if the company ran a bug bounty program. PSM "didn't seem to care," the hacker said.