Hardly any piece of information is more sensitive than the personal details of adult content website users. However, Frivol.com, an adult site specializing in amateur content, has exposed hundreds of thousands of its users.
-
Frivol.com exposed a database containing 479,000 user emails including some corporate email addresses.
-
Cybernews researchers discovered the open instance in January 2026 which the company promptly secured
-
The exposed data elevates the risks for sextortion and social engineering attacks against adult content consumers.
-
The company denied any data leak of its records took place.
The user-made adult content website accidentally left a private database open, spilling 479,000 unique user emails. While leaking email addresses is typically low on the cybersecurity risk scale, adult sites play by different rules.
The leaky database, discovered by Cybernews researchers in early January, belongs to Frivol.com, a platform for amateur adult content creators. Even though the website's operator, Interquest Media, is registered in Spain, the content is marketed to German-speaking audiences.
The company told Cybernews that customer data was not stored on impacted systems and denied that Frivol suffered a data leak.
“No customer data was stored in the affected system. At no point was there any risk of a data leak. Only insignificant log data was affected,” the company’s representative told Cybernews.
Why is leaking an email address dangerous?
According to our team, email address data leaks elevate the risk of social engineering attacks and identity profiling, yet information from adult sites adds the risk of harassment and sextortion, a type of cybercrime where attackers coerce users into sending nude images, which are later used to extort them.
“Moreover, individuals exposed by the data leak may experience reputational or psychological harm due to the stigma and shame often associated with adult content,” our team explained.
What makes matters worse is that some of the email addresses used to register an account on Frivol.com are work emails, as their domains correspond to easily identifiable organizations.
“The incident highlights how vulnerable even the tiniest amount of personal data can become if not handled properly by the company, as well as the importance of separating personal and professional online activity,”
Cybernews researchers noted.
It’s likely that users avoided registering with their personal email to keep their adult content preferences away from their home and family lives. Attackers could exploit this information to extort exposed individuals, threatening to reveal their activities to loved ones or employers.
“The incident highlights how vulnerable even the tiniest amount of personal data can become if not handled properly by the company, as well as the importance of separating personal and professional online activity, and assessing one’s digital footprint,” Cybernews researchers noted.
Researchers reached out to the company after discovering the Frivol.com-owned Kibana instance. While the amateur content website did not acknowledge the issue, the exposed database was promptly removed from public view.
While the team observed no indication that the exposed data was exploited, malicious actors constantly scan the internet with automated tools to catch exposed databases. If our team managed to find it, so could threat actors.
Even though adult content data leaks are extremely sensitive, companies operating sensitive user data leak the information from time to time. For example, last year, our team discovered that numerous BDSM, LGBTQ+, and sugar dating apps were found exposing users' private images, with some of them even leaking photos shared in private messages.
- Leak discovered: January 15th, 2026
- Initial disclosure: January 20th, 2026
- Leak closed: Before January 26th, 2026
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked