As Hackers Continue to Target Porn Sites, Pornhub Launches Bug Bounty Program

Maybe it's time for porn sites to take security much more seriously.

|
May 10 2016, 2:00pm

Image: Shutterstock

Since starting the Another Day, Another Hack series, Motherboard has noticed that porn sites seem to get compromised a lot.

In March, we reported a hacker had breached the Paper Street Media porn network, stealing email addresses and passwords for hundreds of thousands of users. Not long after, Forbes reported on a breach of millions of user accounts at Naughty America, a company that consists of some 46 individual porn sites. And although it wasn't hacked, the cam girl site MyFreeCams.com was deliberately undermining the password security of its models.

With this in mind, Pornhub is now offering to pay independent security researchers between $50 and $25,000 to find bugs in the site before hackers do.

"With recent events such as Ashley Madison and Naughty America's compromise, it has become clear that adult websites are an attractive target for hackers," Corey Price, Pornhub's vice president told Motherboard in an email.

The site, which gets 60 million visits a day, according to the company, hopes that this bug bounty program will help guard it against security breaches.

"It has become clear that adult websites are an attractive target for hackers."

"The public launch of Pornhub's Bug Bounty Program follows a private, invite-only beta program that the adult entertainment site ran last year, which compensated participants for helping to identify and fix about two dozen bugs," Pornhub spokesperson Chris Jackson told Motherboard in a statement.

The new program is being carried out through HackerOne, which also helps with bug bounty programs at Twitter, Uber, Slack, and more.

Some of the vulnerabilities that aren't covered by the program include those relating to HTTPS, or cross domain leakage.

The company faces attacks from almost every region of the world, and of varying levels of sophistication, Price said. Those attacks might include automated scanners, probing the site for vulnerabilities to exploit, or powerful DDoS attacks, he said.

Although not connected to the bug bounty program, malvertising, where cybercriminals submit malware-laden adverts to legitimate ad networks that then pump them into web pages, is one of Pornhub's biggest concerns.

The malicious adverts can re-direct victims to pages to deliver ransomware, which locks down computers until a hefty bounty is paid, or banking trojans, which can be used to siphon off funds.

In September of last year, Pornhub ended up serving malicious ads to visitors.

To combat malvertising, Price said the company is relying on external vendors. "We have invested a lot in partners such as RiskIQ and Geoedge to help us screen and take-down malicious ads before they affect our users," Price wrote. RiskIQ is a company selling products to detect external threats, while Geoedge is a service that scans adverts for malicious content.

Porn sites have traditionally been at the forefront of innovation on the internet, whether that's with video streaming, or even the adoption of VR. It's good to see some are catching on to the importance of innovating in security, too.