Dutch Prostitution Site Hookers.nl Hacked—250,000 Users’ Data Leaked

Prostitution in Amsterdam

Prostitutes stand behind glass doors in Amsterdam's Red Light District.

Horacio Villalobos/Corbis via Getty Images

 

Hackers have obtained the data and personal details of around 250,000 users of the Dutch sex-work forum Hookers.nl.

The breach was confirmed by a Hookers.nl moderator on Thursday, who said the forum software supplier, vBulletin, had reported that a vulnerability had allowed an outsider access to site’s database.

“Action has been taken as quickly as possible. vBulletin has released a software patch that we have implemented after testing to address the leak,” the moderator wrote.

“Nevertheless, a data breach has occurred and the email addresses have been stolen from all users.” They claimed the email addresses were being offered for sale online by the hackers and recommended users change their login details.

“Offering this information for sale is punishable by law, and if possible we will take legal action,” the moderator added. “In addition, a report has been made to the Dutch data protection authority.”

The site is reportedly used by both sex workers and their customers. Though prostitution is legal in the Netherlands, one serious concern around such leaks is that users real identities will be exposed and they will face blackmail, personal or professional consequences. That’s what happened in the bigger breach of adultery hook-up site Ashley Madison, which resulted in many a personal catastrophe.

“The hacker, who appears to show no remorse, could potentially accept payment and still leak the data to the internet,” said Ray Walsh, digital privacy advocate at ProPrivacy.com. “For victims, it is going to be hard to make a decision, the temptation to pay up may be high, but there is no guarantee that this will result in their identity being kept a secret."

Dutch broadcaster NOS, which broke the story, spoke to the hacker responsible, confirming that the data leak includes user names, IP addresses and passwords. Those passwords are protected by encryption, though it’s possible they could be cracked.

NOS viewed some of the data and said it could determine some real names of users. The publication also spoke to the hacker, who said the data hadn’t yet sold, but they expected it would soon. “Certainly people want to buy it, bro,” he says.

">

 

Hackers have obtained the data and personal details of around 250,000 users of the Dutch sex-work forum Hookers.nl.

The breach was confirmed by a Hookers.nl moderator on Thursday, who said the forum software supplier, vBulletin, had reported that a vulnerability had allowed an outsider access to site’s database.

“Action has been taken as quickly as possible. vBulletin has released a software patch that we have implemented after testing to address the leak,” the moderator wrote.

“Nevertheless, a data breach has occurred and the email addresses have been stolen from all users.” They claimed the email addresses were being offered for sale online by the hackers and recommended users change their login details.

“Offering this information for sale is punishable by law, and if possible we will take legal action,” the moderator added. “In addition, a report has been made to the Dutch data protection authority.”

The site is reportedly used by both sex workers and their customers. Though prostitution is legal in the Netherlands, one serious concern around such leaks is that users real identities will be exposed and they will face blackmail, personal or professional consequences. That’s what happened in the bigger breach of adultery hook-up site Ashley Madison, which resulted in many a personal catastrophe.

“The hacker, who appears to show no remorse, could potentially accept payment and still leak the data to the internet,” said Ray Walsh, digital privacy advocate at ProPrivacy.com. “For victims, it is going to be hard to make a decision, the temptation to pay up may be high, but there is no guarantee that this will result in their identity being kept a secret."

Dutch broadcaster NOS, which broke the story, spoke to the hacker responsible, confirming that the data leak includes user names, IP addresses and passwords. Those passwords are protected by encryption, though it’s possible they could be cracked.

NOS viewed some of the data and said it could determine some real names of users. The publication also spoke to the hacker, who said the data hadn’t yet sold, but they expected it would soon. “Certainly people want to buy it, bro,” he says.

Follow me on Twitter. Check out my website. Send me a secure tip.

I'm associate editor for Forbes, covering security, surveillance and privacy. I’ve been breaking news and writing features on these topics for major publications since

...