Security News

Prostitution Forums Hacked Using vBulletin Zero-Day

A recently disclosed vBulletin zero-day (CVE-2019-16759) has been used to hack, and steal information from, online forums used by around 300,000 sex workers and their clients.

The data from the forums - (Italy) and (Netherlands) - includes usernames, email addresses, and password hashes, and is being sold for US$300 on hacking forums.

The hacker told Dutch news site NOS that he was yet to sell the data, but was confident it will sell, stating: "Certainly people want to buy it, bro."

Even though prostitution is legal in Italy and the Netherlands, the information could be used for blackmail (think 'Ashley Madison'), as many sex workers and clients wish to remain anonymous.

As for the hacker, he doesn't feel guilty about his actions: "It only concerns fewer than three hundred thousand users. Tens of thousands of websites are hacked every day. I am not the devil. It is not a question of whether your website is hacked, but when."

. . .

If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.

Receive alerts for vulnerabilities, zero-days, security news and more

Try our FREE 14-day trial. See an example email

Example email for SecAlerts