Feb
22

YouPorn Data NOT Exposed

Filed under: YouPorn · 40 comments

You may have noticed that YouPorn.com has been in the news recently and we would like to take a moment to clear-up any misconceptions about what has been reported. Contrary to some reports, YouPorn.com has not suffered a breach of security. YouPorn.com users can rest assured, no data has been exposed.

The real focus of the recent news is YP Chat, an entirely separate service that was linked to from YouPorn.com. The chat service is owned and operated by a third party and is in no way associated with YouPorn.com. YP Chat is hosted on separate non-YouPorn servers and a security issue on said servers in no way creates a gateway to YouPorn.com’s secure data.

As soon as we, at YouPorn.com, became aware of the issue we took immediate steps to block access to YP Chat entirely and a thorough investigation was launched to evaluate the scope of the issue.

We’d like to stress again, none of YouPorn’s more than 4.75 Million user accounts were compromised. With respect to YP Chat user data, we’ve taken it upon ourselves to do an independent analysis. The investigation revealed that poor security practices resulted in YP Chat’s unencrypted daily user logs being left in an unsecured public directory. Some reports have used this information to claim that millions of user accounts were compromised, however, that is simply not the case. As the logs maintained daily records, users that accessed their YP Chat accounts on a recurring basis would have their activity appear in countless log files. This resulted in some media outlets over inflating the number of affected users, where in actual fact the number of unique users affected was several thousand, not millions.

The security of our user’s information has always been and will always be of paramount importance to us and the fact that a third-party service provider’s poor security practices could have such a negative impact on YouPorn users is disheartening to say the least.

Sincerely,

Brad Black
VP Operations
YouPorn.com

Note: If you have an YP Chat user account and use the same login information for any other website or service it is recommended that you update your information on other sites immediately.

{ 32 comments… read them below or add one }

Ryan Lackey February 22, 2012 at 6:46 pm

Given that users are likely to share passwords between Youporn and YP Chat, I’d strongly suggest freezing (or force-resetting) the Youporn accounts linked by email or common username with any YP Chat accounts which have been compromised.

Also, this is reason 89454987489 why people should be using password managers to generate and maintain strong, unique passwords for every site. With shared passwords, high security sites (ironically, like Youporn itself) are at risk to compromises at sites with bad security (like many banking or official applications).

TL February 23, 2012 at 1:41 pm

Crackers love when people use password managers, all of a persons passwords in one simple place :)

Borrisb February 25, 2012 at 10:44 am

I think this has been done I am a Youporn member with a YP Chat account and I got a message that my account is frozen for security reasons.

Gagarin February 23, 2012 at 6:40 am

yeah right! Liars. You’ve been compromised!!!!

TL February 23, 2012 at 1:45 pm

How would you know whether or not they have been compromised unless you were directly involved with compromising them? Why would they release a statement on the actual compromise but also lie about it? Crawl back into your basement and get back to watching porn.

Garry February 25, 2012 at 12:25 am
DF February 23, 2012 at 7:30 am

The login form and the support sucks. I registered last summer and forgot my login datas some day. There’s no ‘send me a password to my email’ function neither I got any kind of response on my email to support@youporn.com. Whish you all the worst. :((

YouPorn Jude February 23, 2012 at 10:15 am

Sorry to hear you had that experience, though you definitely won’t again. I’ve personally been handling all Support inquiries for months.

DF February 23, 2012 at 12:54 pm

Thank you, but if somebody would respond on emails, nobody needs to excuse. It would be better to improve your site and include a ‘Lost login?’ function and a way to change the password like other websites. This, and storing only hashed passwords, should be the obligatory minimum standard for all websites.

YouPorn Jude February 23, 2012 at 1:02 pm

Well, as the person that responds to all emails, I can tell you that if I saw your email it would have been responded too.

We plan to add more basic user profile functionality soon.

Also, all info stored on actual YouPorn servers is properly secured.

DF February 24, 2012 at 2:13 am

Well, as the person that responds to all emails, I can tell you that if I saw your email it would have been responded too.

It’s not only one mail. I also used the contact form on another day and also got no kind of response. And yes: I also watched the spam folder of my email account.

Also, all info stored on actual YouPorn servers is properly secured.

You’re also responsible for a properly security of the services you offer. Especially if they’re 3rd party services.
You’re also responsible for a properly working support for user data.
And what happened? Sorry if I cannot believe you anymore.

Adam Bottjen February 23, 2012 at 12:12 pm

Why weren’t you hashing the passwords of the YP Chat? Are you also not hashing the passwords of YP?

YouPorn Jude February 23, 2012 at 12:23 pm

As stated in the above post, we did not operate YP Chat, the service was provided by a third-party company and they were the ones responsible for not correctly protecting the information logged on their own servers. All information housed on YouPorn servers is properly protected.

Thelilhipster February 23, 2012 at 1:57 pm

So you are not responsible for vetting the services that are directly connected with you? Interesting.

JustPassingBy February 23, 2012 at 4:40 pm

It is not a question of hashing the passwords or not. From the logs screenshots I have seen, these guys were logging whatever data is submitted in the form, whether the registration or the login form. So even if the password is hashed in the database, users still enter their non-hashed password in the form. And this is what was being logged.

Bajsaassa February 23, 2012 at 4:53 pm

Then I’d love to hear your explanation to why the hell I can add favourites (vids) to an account that’s not mine (I don’t even have an account here on youporn). “Contrary to some reports, YouPorn.com has not suffered a breach of security. YouPorn.com users can rest assured, no data has been exposed…The real focus of the recent news is YP Chat.” Guess you’re trying this thing called “damage control”. Better luck next time.

Xxx

Bajsaassa February 23, 2012 at 5:02 pm

Btw. I’d like to give you a basic advice for the future. Serious websites keeps their user’s mail, username and password encrypted.

Garry February 25, 2012 at 10:55 am

Encrypting the user info wouldn’t have made a difference the service was logging the all info from the form which is not encrypted. They have said they protect the data of youporn users.

Garry February 25, 2012 at 10:57 am

Some people use the same username and password for multiple accounts so if they used the same username and password for both youporn and yp chat you would be able to login.

Luslol February 24, 2012 at 12:49 am

this thing is disgusting
I am a user of the chat for three years
in vain
we tried that administrators monitor spam
never anything
never a reply,
NEVER
I also sent email
AND NOW THIS!
you suck !.

A.L. February 24, 2012 at 6:10 pm

Don’t blame it on YouPorn…blame it on YouPorn doing business with shady vendors: http://www.securitymanagement.com/news/youporn-blames-third-party-provider-data-breach-009582

gthr February 24, 2012 at 2:41 am

So, as a yp chat user, what is my risk?

YouPorn Jude February 24, 2012 at 10:39 am

You should change your YouPorn login information right away (use form http://www.youporn.com/contact/), and anywhere else you used the same login information should be changed for safety sake as well.

Trinity February 24, 2012 at 8:52 am

Please teach how I can change my password, anyway. Thank you.

YouPorn Jude February 24, 2012 at 10:39 am

Contact us using the form at http://www.youporn.com/contact/

Terrastone February 24, 2012 at 11:03 am

So what does that mean for us who just want to get back on?

YouPorn Jude February 24, 2012 at 11:07 am

If by get back on you mean get back into Chat, unfortunately it will likely be some time until we offer Chat again. We’ll have to find a new, trustworthy, safe and secure solution to use.

Mikka February 25, 2012 at 10:46 am

I use Youporn all the time but never used YP Chat is my account safe?

Jordan Pornhub Chick February 25, 2012 at 8:20 pm

Good question

YouPorn Jude February 26, 2012 at 1:43 am

Your Youporn account is 100% safe the Youporn accounts were at never compromised and there is no sharing of data between Youporn and YP Chat.

ceacliu March 6, 2012 at 4:17 pm

mancami-ati pula…..best of the best…

coffeebutler October 15, 2012 at 3:17 pm

when is yp chat going to be back on ? can anyone tell me ?

{ 8 trackbacks }