The database was left exposed on an Elasticsearch Cluster without any password or security authentication.
StripChat is one of the top five adult cam sites on the internet. Earlier this month, this site suffered a database mess up that leaked sensitive data, including payment details and chat messages of roughly 200 million of the site’s adult cam models and users.
StripChat is a Cyprus-based website founded in 2016, and it sells its users live access to nude models. The exposed data was reported to StripChat on the day it was discovered, and the company secured it within three days.
Comparitech’s security research head, Volodymyr Bob Diachenko, reported that a database containing highly sensitive information on the site’s models and users was identified online without password protection. The database was discovered on Elasticsearch Cluster on 5 November.
About Exposed Data
The data included 65 million user records that comprised email IDs, IP addresses, the sum in tips given to the models, timestamp of when the account was created, and user’s last activity.
The other database they discovered contained roughly 421,000 records of the