In case you’re wondering why would anyone create an account on an adult website, you'd better ask the US Army because emails associated with the department have been spotted in a hacked xHamster database that’s now available for purchase online.
A report from Motherboard (via Leakbase) reveals that details of no less than 380,000 xHamster accounts are now on sale in the underground digital world, and they include usernames, email addresses, and MD5 hashed passwords.
An xHamster account allows users of the adult website to upload their own videos, but also to post comments, create playlists, or save videos that can be watched at a later time.
We’re not judging, but it turns out that the database also includes emails that you wouldn’t normally expect to find on such a website, including some that are associated with the US Army, the UK, or other governments across the world.
According to the aforementioned source, the database is believed to come from an attack on xHamster earlier this year, but nobody knows for sure how exactly hackers got all the details, as the website previously explained that no data was compromised.
Passwords hashed using MD5 algorithm
Motherboard, however, attempted to create new accounts on xHamster using 50 of the email addresses that are included in this database and got a message saying that those addresses were already being used for other accounts.
xHamster claims that even though these details are being traded online, there’s still no risk for its users because all passwords are encrypted, so the only things that hackers might have obtained are usernames and email addresses. But the source claims that passwords are MD5 hashed, which means that it could take only a few seconds to actually discover the password for an account.
“The passwords of all xHamster users are properly encrypted, so it is almost impossible to hack them. Thus, all the passwords are safe and the users data secured,” xHamster says.
The only good part is that the leaked details are not public just yet, so the first thing that users who might be included in this database should do is change their passwords.