Cybernews
  • News
  • Editorial
  • Security
  • Privacy
    • What is a VPN?
    • What is malware?
    • How safe are password managers?
    • Are VPNs legal?
    • More resources
    • Strong password generator
    • Personal data leak checker
    • Antivirus software
    • Best VPN services
    • Password managers
    • Secure email providers
    • Best website builders
  • Follow
    • Twitter
    • Facebook
    • YouTube
    • Linkedin
    • Flipboard
    • Newsletter

© 2021 CyberNews - Latest tech news, product reviews, and analyses.

Our readers help us create quality content. If you purchase via links on our site, we may receive affiliate commissions. Learn more

Home » Security » MyFreeCams hack: 2 million user records stolen from top adult streaming site and sold on hacker forum

MyFreeCams hack: 2 million user records stolen from top adult streaming site and sold on hacker forum

by Edvardas Mikalauskas
21 January 2021
in Security
2
MyFreeCams data leaked on hacker forum
38
SHARES

UPDATE January 22: The threat actor has now deleted their post, as well as their account, from the hacker forum. They’ve also emptied their cryptocurrency wallet after collecting ~$22,400 in Bitcoin for the stolen data across 49 transactions.

The leak could put all MyFreeCams users at risk of blackmail attempts, credential stuffing attacks, and more.

A database that purportedly belongs to MyFreeCams.com, one of the top adult chat and web streaming communities, is being sold on a popular hacker forum. According to the post author, the data was exfiltrated from the company servers in December 2020 by carrying out an SQL injection attack, and includes 2 million user records of MyFreeCams Premium members, including their usernames, email addresses, MyFreeCams Token (MFC Token) amounts, and passwords in plain text.

Text  Description automatically generated

The author of the forum post is asking for $1500 in Bitcoin per 10,000 user records and claims that a single batch would net the buyers at least $10,000, which they could make by selling premium accounts with MFC Token (MyFreeCams’ virtual currency) balances on the black market.

We asked MyFreeCams if they could confirm that the leak was genuine, and whether they have alerted their members and models. The company swiftly responded to our requests and immediately notified affected users and reset their passwords. According to MyFreeCams, their investigation “traced this data to a security incident that occurred more than ten years ago in June 2010” and “the exploit that was used to obtain this data was closed shortly after it occurred.”

“MFC’s current systems prevent any similar attack. Until now, MFC did not have evidence that user data was actually compromised as part of the incident. We have informed affected users by email and reset their passwords. No credit card information was stored or compromised.”

MyFreeCams

With that said, it’s unclear how many accounts are in the threat actor’s possession, which means that there is a possibility that all MyFreeCams accounts could have been compromised.

To see if any of your online accounts were leaked, use our personal data leak checker with a library of 15+ billion breached records.

What’s in the database?

Based on the samples we saw from the database, it appears to contain:

  • Usernames
  • Email addresses
  • Passwords in plain text
  • MFC Token balances

Example of leaked data:

Who is the company behind the leak?

MyFreeCams is a live streaming ‘adult cam model’ website that offers explicit content intended only for mature audiences. 

Ranked as the 619th most visited website on the Internet based on monthly traffic, it’s one of the world’s largest adult streaming websites boasting nearly 70 million visitors each month. It is predominantly used by amateur webcam models to stream live shows and chat with site members who can purchase virtual MFC Tokens that they can use to tip the models or watch private shows.

  • We’ve put together a list of the best antivirus software in 2021
  • Find out how a VPN can help you stay protected online
  • See our list of the best VPNs on offer

Who had access to the data?

The database is available for the entire userbase of the popular hacker forum to download in 10,000-line increments for $1500 worth of Bitcoin.

Based on the forum post author’s Bitcoin wallet balance, they have already received BTC 0.60222754 (which amounts to about $21,600) for what appears to be at least 14 batches of 100,000 users from buyers, with a total of 45 transactions executed at the time of writing.

That being said, it’s unclear how many accounts were exploited by the buyers before the passwords of the affected accounts were reset by MyFreeCams.

What’s the impact of the leak?

The data found in the hacked MyFreeCams database can be used in a variety of ways against the users whose information was exposed, including the following:

  • Blackmailing and extorting money from MyFreeCams account owners by threatening to expose their identity and MFC membership to others, including friends and family.
  • Stealing the accounts along with their MFC Token balances from the owners and selling them on the black market.
  • Committing credential stuffing attacks against the members’ other online accounts.
  • Using the data from the database to mount targeted phishing attacks.
  • Spamming the victims’ emails.

Fortunately, the stolen MyFreeCams database does not contain any highly sensitive information like credit card numbers or passport IDs. However, even email addresses and plain text passwords can be enough to take over the victims’ other accounts if they use the same login credentials across multiple online services.

Next steps

If you have a MyFreeCams account, immediately change your password and consider using a password manager to create strong, complex passwords.

Even though MyFreeCams reset the passwords of the affected accounts, it’s not certain that the threat actor who is selling the database is not in possession of more compromised MyFreeCams accounts that they have not yet managed to dehash.

If you’ve been using the compromised password for any other online services, make sure to change it there as well. Using a unique password for each online service will prevent threat actors from reusing it for credential stuffing attacks.

Share37TweetShareShare
Next Post
Google logo

Google says to block search engine in Australia if forced to pay for news

Comments 2
  1. Phillip Matthews says:
    1 month ago

    there is a group from git hub that has accessed my laptop ,desktop, and cell phones since 2017 they have damaged 3 computers 7 hard drives 1 Microsoft computer stick and 6 cell phones they are using xml camlets and I’ve asked for help from google and Microsoft to find out they don’t stand behind there privacy guaranty .i have not give permissions for them to be on any of my computers but yet they are on all of them. Any help would be the first since 7/17/2017

    Reply
  2. K says:
    3 weeks ago

    Was it just usernames,email addresses, passwords and token balance that were leaked? Or was there further data also leaked?

    Reply
Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

Editor's choice

COMb data leak - Mother of all breaches
News

COMB: largest breach of all time leaked online with 3.2 billion records

by Bernard Meyer
12 February 2021
37

It's being called the biggest breach of all time and the mother of all breaches: COMB, or the Compilation of...

Read more
14 million Amazon and eBay accounts sold online in new leak

14 million alleged Amazon and eBay account details sold online

17 February 2021
The hype around quantum computing: it’s not too early to get in

The hype around quantum computing: it’s not too early to get in

15 February 2021
Facebook phishing campaign that tricked nearly 450,000 users in Germany is now spreading in the UK

Facebook phishing campaign that tricked nearly 450,000 users in Germany is now spreading in the UK

15 February 2021
Cyberpunk 2077 maker CD Projekt Red has GWENT source code leaked after ransomware attack

Cyberpunk 2077 maker CD Projekt Red has GWENT source code leaked after ransomware attack

10 February 2021
  • Categories
    • News
    • Editorial
    • Security
    • Privacy
  • Reviews
    • Antivirus Software
    • Password Managers
    • Best VPN Services
    • Secure Email Providers
    • Website Builders
  • Tools
    • Password generator
    • Personal data leak checker
  • Engage
    • About Us
    • Send Us a Tip
    • Careers
  • Twitter
  • Facebook
  • YouTube
  • Linkedin
  • Flipboard
  • Newsletter
  • About Us
  • Contact
  • Send Us a Tip
  • Privacy Policy
  • Terms & Conditions
  • Vulnerability Disclosure

© 2021 CyberNews - Latest tech news, product reviews, and analyses.

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.

Home

News

Editorial

Security

Privacy

Resources

  • About Us
  • Contact
  • Careers
  • Send Us a Tip

© 2020 CyberNews – Latest tech news, product reviews, and analyses.

Subscribe for Security Tips and CyberNews Updates
Email address is required. Provided email address is not valid. You have been successfully subscribed to our newsletter!