A recently disclosed vBulletin zero-day (CVE-2019-16759) has been used to hack, and steal information from, online forums used by around 300,000 sex workers and their clients.
The data from the forums - girlforum.escortforumit.xxx (Italy) and hookers.nl (Netherlands) - includes usernames, email addresses, and password hashes, and is being sold for US$300 on hacking forums.
The hacker told Dutch news site NOS that he was yet to sell the data, but was confident it will sell, stating: "Certainly people want to buy it, bro."
Even though prostitution is legal in Italy and the Netherlands, the information could be used for blackmail (think 'Ashley Madison'), as many sex workers and clients wish to remain anonymous.
As for the hacker, he doesn't feel guilty about his actions: "It only concerns fewer than three hundred thousand users. Tens of thousands of websites are hacked every day. I am not the devil. It is not a question of whether your website is hacked, but when."
