An SQL injection attack has led to a database filled with customer information for the site MyFreeCams being sold on a criminal forum. MyFreeCams is an adult video streaming and chat service with over ten million users. In total, the hacker claims to have obtained the account information of around two million users. The information that was accessed contains usernames, plain-text passwords, and email addresses. Having this information could allow for someone to extort the users for their on-site currency, also known as tokens, which can then be sold for a profit. The asking price for smaller pieces of the database when posted on January 14th was $1,500 in Bitcoin for 10,000 lines or records. This led to many users on the criminal forum asking for smaller portions of the database. CyberNews, which is responsible for breaking the news of the breach, stated that the seller’s crypto wallet had received 45 different payments, so it’s likely a significant percentage of the database has already been sold. MyFreeCams also confirmed to CyberNews that the database is legitimate. Customers of MyFreeCams have been notified and asked to change their passwords.
Analyst Notes
Binary Defense analysts are aware of other email campaigns recently that attempt to extort people by claiming to have proof that the targeted person was viewing adult videos and threatening to share this information with their friends and family members unless they pay. If the affected users of MyFreeCams use the same or a similar password to access their email account, Facebook or other social media account as the one they used on the site, it is possible that attackers will log into their email or social media, get their contact list, and attempt a similar scam using the stolen information as proof. Users that have been notified by MyFreeCams should monitor their accounts for suspicious activity. If abnormal account activity is noticed, it should be reported to MyFreeCams as soon as possible. Passwords for the impacted accounts should be changed immediately. It is also important to make sure passwords are not being reused on other accounts. Companies storing customer information should highly consider multi-factor authentication (MFA) and password hashing to further protect their data.
Source: https://www.bleepingcomputer.com/news/security/myfreecams-site-hacked-to-steal-info-of-2-million-paying-users/
