Exploiting vBulletin Vulnerability, Hackers Stole User Data From Sex Chat Forum

05/10/2019

People can discuss just about anything on online forums. And as for sex and intimacy, there are certainly places for that.

One of them is Flirtsexchat, a forum where people discuss highly personal and explicit sexual topics, including fetishes, and try to meet up with other members. And here, hackers have managed to get hold of Flirtsexchat's user data.

The data, said to have been stolen some time in September, has since been offered for sale on a cybercrime forum where other hackers and data collectors can buy it.

According to Vice:

“Motherboard cross-referenced usernames that appear on the site and checked that they matched ones in the database, and also tried to create accounts with email addresses in the database.”

Motherboard found that creating those accounts was not possible because the email addresses were already in use, which suggests that the stolen database does contain real user records.

According to the report, the stolen data included Flirtsexchat usernames, the IP addresses the users connected from, and hashed passwords.

Flirtsexchat was reportedly compromised through a vulnerability in the vBulletin forum software it runs on.

Back in September, an anonymous researcher published details of an exploit against servers running vBulletin versions 5.0.0 to 5.5.4. vBulletin quickly released a patch, but many forum sites, Flirtsexchat among them, had not installed it, and hackers used the bug to break into the forum and steal user data.

The vulnerability (CVE-2019-16759) allowed attackers to execute shell commands on the server running the vBulletin installation.

The attack is a pre-authentication remote code execution (RCE): it does not require the attacker to register an account on the target vBulletin board, or to hold any credentials at all.

In a follow-up report, researchers analyzed the exploit and confirmed that it works against default configurations of vBulletin. Based on the public proof-of-concept code, an unauthenticated attacker can send a specially crafted HTTP POST request to a vulnerable vBulletin host and have the server execute arbitrary commands.
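As an added example (this is not code from the article, from vBulletin, or from the researchers it cites), the following Python script shows the two checks a defender would run after reading the paragraphs above: whether a reported vBulletin version string falls inside the affected range of 5.0.0 to 5.5.4, and whether a logged HTTP request has the shape of the public proof of concept. The route name `ajax/render/widget_php` and the parameter name `widgetConfig[code]` are taken from the publicly posted exploit for CVE-2019-16759; the sample requests are constructed for this example and are not real traffic.

```python
"""Added example: triage helpers for CVE-2019-16759 (vBulletin 5.x pre-auth RCE).

Assumptions (not from the article): the route name "ajax/render/widget_php" and
the parameter "widgetConfig[code]" come from the public proof-of-concept; the
SAMPLE_REQUESTS below are constructed, not captured traffic.
"""
from urllib.parse import parse_qs, urlsplit

# Affected range as stated in the advisory / article: 5.0.0 through 5.5.4 inclusive.
VULN_MIN = (5, 0, 0)
VULN_MAX = (5, 5, 4)

# Request shape of the public PoC.
SUSPECT_ROUTE = "ajax/render/widget_php"
SUSPECT_PARAM = "widgetConfig[code]"


def parse_version(text):
    """'5.5.4' -> (5, 5, 4); trailing non-numeric text such as ' Beta 1' is ignored."""
    parts = []
    for piece in text.strip().split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break
        parts.append(int(digits))
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_vulnerable_version(text):
    """True if the version string lies in the affected range 5.0.0..5.5.4.

    Caveat: vBulletin shipped the fix for the 5.5.x releases as a patch applied
    on top of the existing install, so a True here means "verify the patch is
    applied", not "confirmed exploitable".
    """
    return VULN_MIN <= parse_version(text) <= VULN_MAX


def _merge_params(url, body):
    """Collect query-string and form-body parameters into one dict of lists."""
    params = {}
    for source in (urlsplit(url).query, body or ""):
        for key, values in parse_qs(source, keep_blank_values=True).items():
            params.setdefault(key, []).extend(values)
    return params


def classify_request(method, url, body=""):
    """Return (severity, reason) for one request.

    'high'   : widget_php route AND a client-supplied widgetConfig[code] (PoC shape)
    'medium' : widget_php route without the code parameter (worth a look)
    'none'   : nothing resembling the PoC
    The method is not used as a filter: the route and parameter are the signal.
    """
    params = _merge_params(url, body)
    path = urlsplit(url).path.rstrip("/")
    route = params.get("routestring", [""])[0].strip("/")
    hits_route = route == SUSPECT_ROUTE or path.endswith("/" + SUSPECT_ROUTE)
    has_code = SUSPECT_PARAM in params  # parse_qs already decodes %5B/%5D to []
    if hits_route and has_code:
        return ("high", f"{method} to {SUSPECT_ROUTE} with client-supplied {SUSPECT_PARAM}")
    if hits_route:
        return ("medium", f"{method} to {SUSPECT_ROUTE} without a code parameter")
    return ("none", "")


# Constructed sample requests (method, URL, form body) for the example.
SAMPLE_REQUESTS = [
    ("GET", "/forum/index.php?routestring=forum/general-chat", ""),
    ("POST", "/forum/index.php", "routestring=ajax/render/widget_php"),
    ("POST", "/forum/index.php",
     "routestring=ajax/render/widget_php&widgetConfig%5Bcode%5D=echo+1%3B"),
    ("GET", "/forum/ajax/render/widget_php?widgetConfig[code]=phpinfo()%3B", ""),
]


def triage(requests=SAMPLE_REQUESTS):
    """Severity label for each request, in order."""
    return [classify_request(m, u, b)[0] for m, u, b in requests]


if __name__ == "__main__":
    print("5.5.4 in affected range:", is_vulnerable_version("5.5.4"))
    for (method, url, body), severity in zip(SAMPLE_REQUESTS, triage()):
        print(f"{severity:6} {method} {url} {body}")
```

One practical caveat: a standard web-server access log records the query string but not the POST body, and the public proof of concept carries both the route and the code parameter in the body. To catch the third sample above you need body logging from a WAF, reverse proxy or application-level audit log; the access log alone will only show a POST to `index.php`.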

vBulletin is one of the most popular web forum software packages, with a market share comparable to competing products such as phpBB, XenForo and Simple Machines Forum.

In Flirtsexchat's case, the stolen data could be used to tie individual users to their sexual orientations, fetishes and more. This kind of information is considered so sensitive and private that most people would never choose to share it.

And if users reused their Flirtsexchat login credentials elsewhere on the web, the consequences could be much worse.