Adult streaming site MyFreeCams has two million user records stolen

Stolen user records are now being sold on a popular hacker forum

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Users of the popular adult streaming site MyFreeCams could be at risk from online attacks as a database containing the site’s user data is now being sold on a popular hacker forum.

As reported byCyberNews, the data was exfiltrated from the company’s servers back in December following a successfulSQL injection attack. The database itself contains user records from 2m MyFreeCams Premium members including their usernames, email addresses, MyFreeCams Tokens (MFC Tokens) amounts and plain text passwords.

The author of the post on the hacker forum is now selling off the data stolen in the attack in 10,000 user record blocks for the price of $1500 inbitcoin. However, they claim that other cybercriminals could easily earn at least $10,000 from a single batch of user records by selling premium accounts with MFC Token balances on the black market.

After discovering that user records from the database were being sold online,CyberNewsreached out to MyFreeCams and the company immediately notified affected users and reset their passwords.

MyFreeCams database

Based on samples seen byCyberNews, the news outlet’s security researchers believe the stolen data contains usernames, email addresses, plain text passwords and MFC Token balances.

The adult streaming site’s user records appear to be in high demand among cybercriminals as the forum post author’sbitcoin walletshows a balance of around $21,600. This means that at least 14 batches of data from 100,000 MyFreeCams users has already been purchased.

This data could be used to blackmail the site’s users, commitcredential stuffingattacks, launch targeted phishing attacks and to spam victims' emails. Thankfully though, the database does not contain any sensitive information or financial data such as credit card numbers or passport IDs. However, stolen email addresses and plain text passwords can be enough to take over victims' other accounts if they use the same credentials across multiple online services.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Senior information security researcher Mantas Sasnauskas provided further insight on the implications of the MyFreeCams data breach in a statement, saying:

“When leaks like this happen, the dangers lie not only in breached accounts and passwords or stolen virtual currencies. Breaches like this raise serious privacy issues: most users of websites like MyFreeCams would undoubtedly prefer to remain anonymous, but now their email addresses can be used to out them as cam site members. It’s not difficult to imagine the implications if this information was used maliciously. For example, to extort and blackmail people to pay up, leak their user details from the website, or even simply reveal the fact that they frequent the website to their families, employers, or the general public.”

MyFreeCams users should reset their passwords immediately and consider using apassword managerto generate unique, strong and complex passwords to further secure their online accounts.

ViaCyberNews

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics

This new phishing strategy utilizes GitHub comments to distribute malware

Professionals are facing “tech overload” as they try to juggle multiple devices in the workplace