A hacker has compromised the private data of users using the adult chatting and video streaming service known as MyFreeCams.

MyFreeCams is a well-known adult chatting and video streaming service with millions of users in its client list. Since the service offers free access to adult chat rooms of a multitude of people, there are many well-paying users of the service.

Free users are given the option to upgrade to a premium membership by paying for tokens that can give access to otherwise inaccessible content or feature or spent to tip the models.

Injection attack on the data servers:

The hacker is allegedly trading a database containing the login details of about two million premium members of the service.

The hacker claims of obtaining the database very recently by applying a successful SQL injection attack on the servers of the streaming service. And now, as a result of the injection attack, the hacker can also poach the funds of the infected premium users.

Extortion profits to hackers:

Back in January, the hacker was vending the database and was offering 10,000 accounts for $1500 in bitcoins claiming that the login credentials guarantee extorts of more than $10,000.

It was however observed that buyers were not keen on buying such bull records at a time and urged if they could purchase smaller batches like  1,000 accounts for $150. 

And now, in an effort to boost the trade, the hacker advertised that they would trade the accounts only one time. This results in the buyers getting varied logins.

Also read,

In reference to samples viewed by experts, the stolen data seemingly contains private usernames, email IDs, passwords, and MFC Token balances.

MyFreeCams user records are of the high resource among hackers as the hacker forum showcasing the hacker’s bitcoin wallet exhibits a balance of around $21,600. This means at the very least 14 batches of data of 100,000 MyFreeCams victims have already been bought by hackers.

This a severe cybersecurity concern since the hacked data can be exploited for a number of cyberattacks. These can include blackmailing the site’s users to extort money, launch credential stuffing attacks, targeted phishing attacks, and spamming victims’ private emails. 

Although the database does not contain any sensitive information or financial data such as credit card numbers or passport IDs, the stolen email IDs and passwords can be leveraged to exploit the victims’ other web accounts if they have the same credentials.

Users and members of MyFreeCams services are highly recommended to take necessary precautions and update their important login credentials.