So much, the system has leaked far more than 14 million person accounts with extra than 24 GB truly worth of data files. The server is updating itself with new info each individual 2nd.
Hjedd, an notorious Chinese adult content and NSFW platform has been exposing a treasure trove of user info on the net because at the very least July 2022. This was learned by impartial security researcher Anurag Sen who confirmed to Hackread.com that the server is still exposed and publicly available without the need of any protection authentication or password.
For your details, a database or server exposed without security authentication suggests anybody with a slight little bit of knowledge about finding unsecured databases on Shodan and other these platforms can have complete obtain to Hjedd’s consumer data.
In accordance to Sen and as viewed by Hackread.com, the uncovered details contains the adhering to:
- Phone Numbers
- Member Details
- Users’ Remarks
- E-mail Addresses
- Bcrypt Hashed Passwords
- Login Ip address and information
- Messages concerning Buyers revealing Non-public contents
At the time of producing, Hackread.com can validate that the leaky server includes particulars of above 14 million people with much more than 24 GB value of data.
What’s worse, the details is remaining regularly current with aspects of new and previously registered customers.
Problems is Currently Accomplished
Sen alerted Hjedd on a number of instances but the business has so considerably unsuccessful to reply or safe its server. Nevertheless, Hackread.com can verify that cyber criminals have already identified their way to the server and leaked the databases (apparently with 13.4 million users’ accounts) on a hacker discussion board which surfaced as an different to well-known and now-sized Raidforums.
According to the researcher, the data stored in this databases is vulnerable to spam advertising and phishing campaigns. Leaving info like username, email, and Mobile amount.
Also, its outcomes may perhaps bring about actual physical damage. It can bring about revealing identities for the discussion board members. The leaked passwords, on the other hand, are hashed but they can be matched with encrypted hashes of the password record to obtain the plain textual content password for the accounts.