by Vincent S
As providing information has become second nature to us as most if not all modern services are becoming electronic, we sometimes forget how there are people in the world who are capable and willing to exploit such information. This past week, YouPorn.com suffered one of the largest data breaches in internet pornography history. An investigation conducted by the FCC concluded that the web site had a improperly functioning link that allowed for a hacker to return values from a user information database. In a past post I talked about SQL injections and how programmers can use that to return values stored in a database. This is what a hacker did this past week to the website due to their faulty link which enabled him to do this. The FCC commented that there were surprised this was not discovered sooner as the investigation results showed that the link has been up since 2007. Consequently, the offending hacker posted a a blog site that contained the full names and addresses of users of the website YouPorn.com. It was first discovered by a spouse of one its site members as a simple google search will reveal a blog site where users’ personal information is publicly displayed.
I find this article relevant considering all that we have doing lately with SQL. It is very interesting how new fears are becoming apparent in our lives which were not realistic fears twenty or thirty years ago. Having your personal information exposed in such a way that reveals personal exploits is something that reasonable people should not have t worry. Although users of the site do share in the responsibility as they understand the risk of giving information online. Even if the site is secured from allowing outside viewers from seeing the information as it is sent, that doesn’t the site will store it in a hack proof secure electronic location. Whoever YouPorn’s IT personnel or web developer is, I am sure he faces job termination with possible pending litigation if the company decides to throw him under the bus and take some personal responsibility for the mistake.
My thoughts on this subject are to just not give online information unless it is absolutely necessary. Paid pornography websites have personal information about you that tarnish your reputation. Even if no employee of the site does anything malicious, there is too much potential for outsiders to obtain the information. It is too much of a risk to be worth it. We must all be careful about our personal information in both tech environments (but especially in tech environments) as well as the outside world.
Dunn, John (Feb 23 2012) Retrieved on February 26, 2012 from http://www.pcworld.com/article/250532/youporn_data_breach_exposes_1_million_user_logins.html