Feb
22

YouPorn Data NOT Exposed

Filed under: YouPorn · 40 comments

You may have noticed that YouPorn.com has been in the news recently and we would like to take a moment to clear-up any misconceptions about what has been reported. Contrary to some reports, YouPorn.com has not suffered a breach of security. YouPorn.com users can rest assured, no data has been exposed.

The real focus of the recent news is YP Chat, an entirely separate service that was linked to from YouPorn.com. The chat service is owned and operated by a third party and is in no way associated with YouPorn.com. YP Chat is hosted on separate non-YouPorn servers and a security issue on said servers in no way creates a gateway to YouPorn.com’s secure data.

As soon as we, at YouPorn.com, became aware of the issue we took immediate steps to block access to YP Chat entirely and a thorough investigation was launched to evaluate the scope of the issue.

We’d like to stress again, none of YouPorn’s more than 4.75 Million user accounts were compromised. With respect to YP Chat user data, we’ve taken it upon ourselves to do an independent analysis. The investigation revealed that poor security practices resulted in YP Chat’s unencrypted daily user logs being left in an unsecured public directory. Some reports have used this information to claim that millions of user accounts were compromised, however, that is simply not the case. As the logs maintained daily records, users that accessed their YP Chat accounts on a recurring basis would have their activity appear in countless log files. This resulted in some media outlets over inflating the number of affected users, where in actual fact the number of unique users affected was several thousand, not millions.

The security of our user’s information has always been and will always be of paramount importance to us and the fact that a third-party service provider’s poor security practices could have such a negative impact on YouPorn users is disheartening to say the least.

Sincerely,

Brad Black
VP Operations
YouPorn.com

Note: If you have an YP Chat user account and use the same login information for any other website or service it is recommended that you update your information on other sites immediately.

  • Ryan Lackey

    Given that users are likely to share passwords between Youporn and YP Chat, I’d strongly suggest freezing (or force-resetting) the Youporn accounts linked by email or common username with any YP Chat accounts which have been compromised.

    Also, this is reason 89454987489 why people should be using password managers to generate and maintain strong, unique passwords for every site. With shared passwords, high security sites (ironically, like Youporn itself) are at risk to compromises at sites with bad security (like many banking or official applications).

    • http://twitter.com/TL TL

      Crackers love when people use password managers, all of a persons passwords in one simple place :)

    • Borrisb

      I think this has been done I am a Youporn member with a YP Chat account and I got a message that my account is frozen for security reasons.

  • Pingback: YouPorn, password e mail rubate e pubblicate online: violata YP Chat

  • Pingback: Wyciekły dane ponad miliona użytkowników YouPorn.com | Zaufana Trzecia Strona

  • Gagarin

    yeah right! Liars. You’ve been compromised!!!!

    • http://twitter.com/TL TL

      How would you know whether or not they have been compromised unless you were directly involved with compromising them? Why would they release a statement on the actual compromise but also lie about it? Crawl back into your basement and get back to watching porn.

    • Garry

      Troll!

  • DF

    The login form and the support sucks. I registered last summer and forgot my login datas some day. There’s no ‘send me a password to my email’ function neither I got any kind of response on my email to support@youporn.com. Whish you all the worst. :((

    • http://blog.youporn.com YouPorn Jude

      Sorry to hear you had that experience, though you definitely won’t again. I’ve personally been handling all Support inquiries for months.

      • DF

        Thank you, but if somebody would respond on emails, nobody needs to excuse. It would be better to improve your site and include a ‘Lost login?’ function and a way to change the password like other websites. This, and storing only hashed passwords, should be the obligatory minimum standard for all websites.

        • http://blog.youporn.com YouPorn Jude

          Well, as the person that responds to all emails, I can tell you that if I saw your email it would have been responded too.

          We plan to add more basic user profile functionality soon.

          Also, all info stored on actual YouPorn servers is properly secured.

          • DF

            Well, as the person that responds to all emails, I can tell you that if I saw your email it would have been responded too.

            It’s not only one mail. I also used the contact form on another day and also got no kind of response. And yes: I also watched the spam folder of my email account.

            Also, all info stored on actual YouPorn servers is properly secured.

            You’re also responsible for a properly security of the services you offer. Especially if they’re 3rd party services.
            You’re also responsible for a properly working support for user data.
            And what happened? Sorry if I cannot believe you anymore.

  • Pingback: Anonymous

  • http://www.facebook.com/adambottjen Adam Bottjen

    Why weren’t you hashing the passwords of the YP Chat? Are you also not hashing the passwords of YP?

    • http://blog.youporn.com YouPorn Jude

      As stated in the above post, we did not operate YP Chat, the service was provided by a third-party company and they were the ones responsible for not correctly protecting the information logged on their own servers. All information housed on YouPorn servers is properly protected.

      • Thelilhipster

        So you are not responsible for vetting the services that are directly connected with you? Interesting.

    • JustPassingBy

      It is not a question of hashing the passwords or not. From the logs screenshots I have seen, these guys were logging whatever data is submitted in the form, whether the registration or the login form. So even if the password is hashed in the database, users still enter their non-hashed password in the form. And this is what was being logged.

  • Bajsaassa

    Then I’d love to hear your explanation to why the hell I can add favourites (vids) to an account that’s not mine (I don’t even have an account here on youporn). “Contrary to some reports, YouPorn.com has not suffered a breach of security. YouPorn.com users can rest assured, no data has been exposed…The real focus of the recent news is YP Chat.” Guess you’re trying this thing called “damage control”. Better luck next time.

    Xxx

    • Bajsaassa

      Btw. I’d like to give you a basic advice for the future. Serious websites keeps their user’s mail, username and password encrypted.

      • Garry

        Encrypting the user info wouldn’t have made a difference the service was logging the all info from the form which is not encrypted. They have said they protect the data of youporn users.

    • Garry

      Some people use the same username and password for multiple accounts so if they used the same username and password for both youporn and yp chat you would be able to login.

  • Pingback: MsnIndia.co.in Website Directory » Porn site exposes personal details of up to 3m users

  • Pingback: Nerd Nightly News - TDW Geeks

  • Luslol

    this thing is disgusting
    I am a user of the chat for three years
    in vain
    we tried that administrators monitor spam
    never anything
    never a reply,
    NEVER
    I also sent email
    AND NOW THIS!
    you suck !.

  • gthr

    So, as a yp chat user, what is my risk?

    • http://blog.youporn.com YouPorn Jude

      You should change your YouPorn login information right away (use form http://www.youporn.com/contact/), and anywhere else you used the same login information should be changed for safety sake as well.

  • Trinity

    Please teach how I can change my password, anyway. Thank you.

  • Terrastone

    So what does that mean for us who just want to get back on?

    • http://blog.youporn.com YouPorn Jude

      If by get back on you mean get back into Chat, unfortunately it will likely be some time until we offer Chat again. We’ll have to find a new, trustworthy, safe and secure solution to use.

  • Pingback: Sex Tech: YouPorn NOT Hacked, Richard Branson dot-XXX, A Porn Kickstarter » HD Network Technology Blog

  • Mikka

    I use Youporn all the time but never used YP Chat is my account safe?

    • http://twitter.com/Pornhub Jordan Pornhub Chick

      Good question

    • http://blog.youporn.com YouPorn Jude

      Your Youporn account is 100% safe the Youporn accounts were at never compromised and there is no sharing of data between Youporn and YP Chat.

  • Pingback: Wpadka tygodnia – odcinek 7 | Zaufana Trzecia Strona

  • Pingback: Youporn : la France fap — Le Tag Parfait

  • ceacliu

    mancami-ati pula…..best of the best…

  • coffeebutler

    when is yp chat going to be back on ? can anyone tell me ?